Search This Blog

Tuesday, October 5, 2010

Remove rsh, rcp and rlogin

It is highly recommended to remove following command on production server .
There are several ways of not using the command choose one that is suitable for your need.

Method 1:

Just try to find the rpm for the above command.
This can be done using.

rpm -qa | grep -i rsh
rsh-0.17-38.el5
rpm -qa | grep -i rcp
rpm -qa | grep -i rlogin

As you can see only first command return any output.

We need to further see what command rsh-0.17-38.el5 contains.

This can be done using

# rpm -ql rsh-0.17-38.el5
/usr/bin/rcp
/usr/bin/rexec
/usr/bin/rlogin
/usr/bin/rsh
/usr/share/man/man1/rcp.1.gz
/usr/share/man/man1/rexec.1.gz
/usr/share/man/man1/rlogin.1.gz
/usr/share/man/man1/rsh.1.gz


From the output you can assume that by uninstalling the rpm you can achieve the removal of those command from production server.


Method 2:

Change the file permisisons:

(First check the location of command using which command name.Below examples are given considering the commands are located under /usr/bin/rcp This could be different for different Linux Distributions.)

chmod 000 /usr/bin/rcp

chmod 000 /usr/bin/rsh

chmod 000 /usr/bin/rlogin

Method 3:

just remove execute bit of the command using.


(First check the location of command using which command name.Below examples are given considering the commands are located under /usr/bin/rcp This could be different for different Linux Distributions.)


chmod -x /usr/bin/rcp

chmod -x /usr/bin/rsh

chmod -x /usr/bin/rlogin

Method 4:

Remove the command itself using.

rm -rf `which rcp`
rm -rf `which rlogin`
rm -rf `which rsh`

1 comment: