[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [cobalt-security] how many shells do I need in /etc/shells?
- Subject: Re: [cobalt-security] how many shells do I need in /etc/shells?
- From: Ted Behling <TBehling@xxxxxxxxxxxxx>
- Date: Thu, 16 Aug 2001 11:04:37 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
At 11:32 AM 8/16/01 -0400, Kevin D wrote:
>Maybe this is too obvious, but /bin/sh is a primary shell for many of the
>shell scripts on the system, and should absolutely not be removed.
I agree that it should not be removed. In fact, it's just a symlink for bash.
If I understand things correctly, the /etc/shells file defines valid login
shells. Use of a shebang line (#!/path) in a script does not depend on
/etc/shells. Keep in mind Perl isn't in your list of allowed shells.
>You're really not going to gain much by removing unnecessary shells. Any
>hacker is probably going to use /bin/sh anyway, because they know how
>necessary it is to your system. What you should try to do is remove
>unnecessary shell accounts.
Good points; I agree.
--------------------------------------------------------------------------
Ted Behling, Web Application Developer - Monarch Information Systems, Inc.
43 Folly Field Road, Unit 4, Hilton Head Island, SC 29928-5434
E-mail: mailto:TBehling@xxxxxxxxxxxxx
Phone/Fax: 1-800-842-7894 Local or Outside the USA: 1-843-842-7894
Cell Phone (urgent issues): 843-816-7895
Cell Phone E-mail: mailto:TedPhone@xxxxxxxxxxxxx (116 letter limit)
Web site: http://www.MonarchIS.net
--------------------------------------------------------------------------