Does anyone remove netcat from their environment?
Our security team likes to have netcat removed from SLES 9, however, the yast2 rpm depends on netcat. I am interested to know what functionalities I may lose in administrating the systems. I understand I will not be able to use yast, but I think I can manually update the config files, and do most of everything in command line, right?
Thank you.
RBW
> Does anyone remove netcat from their environment?
> Our security team likes to have netcat removed from SLES 9, however, the yast2 rpm depends on netcat. I am interested to know what functionalities I may lose in administrating the systems. I understand I will not be able to use yast, but I think I can manually update the config files, and do most of everything in command line, right?
> Thank you.
> RBW
What I don't understand quite is what the benefit would be from removing the netcat program/package. It takes about 10 lines of C code to listen on a network socket, and if you have intruded a system, you'll be able to do things independently from the presence of a netcat program.
In addition to that: Try
    netcat -lp 20000 | tar xfvvp -
on the target system (here called t200), then run (on the sender system):
    tar cfvv - some_files_you_want_to_be_transferred > /dev/tcp/t200/20000
and watch the probably fastest file transfer on a linux system in action. You have to be using a bash on the sender system for the /dev/tcp function, which is a bash feature. Means: It's not so easy to get rid of the useful functions of a linux system.
Roman.
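
As an added example (not part of any message in this thread, and not SUSE tooling), a read-only audit for the two questions raised so far: which installed packages block removing netcat, and what netcat-like capability is still present afterwards. The function names, the `nc` binary name and the rpm message format matched by `blocked_by` are assumptions.

```bash
#!/usr/bin/env bash
# Added example, not from the thread. Read-only: nothing is removed or changed.
export LC_ALL=C   # fixed locale so the error text matched below is stable

# Packages that block erasing a package. Feed it the output of a dry run:
#   rpm -e --test netcat 2>&1 | blocked_by
# Assumption: rpm reports "<capability> is needed by (installed) <package>".
blocked_by() {
    sed -n 's/^.* is needed by (installed) \(.*\)$/\1/p' | sort -u
}

# netcat's usual binary names plus the tools named in the thread that are
# still reachable on PATH.
tools_on_path() {
    local t
    for t in netcat nc wget nmap; do
        if command -v "$t" >/dev/null 2>&1; then echo "$t"; fi
    done
}

# Does the given bash build handle /dev/tcp/HOST/PORT redirections itself?
# A build with the feature reports a socket error for a closed loopback port;
# a build without it tries to open a real file and reports that it is missing.
bash_dev_tcp() {
    local shell="${1:-bash}" err
    if ! command -v "$shell" >/dev/null 2>&1; then echo absent; return 0; fi
    err=$("$shell" -c 'exec 3<>/dev/tcp/127.0.0.1/1' 2>&1) || true
    case "$err" in
        *"No such file or directory"*) echo disabled ;;
        *) echo enabled ;;
    esac
}

echo "still on PATH: $(tools_on_path | tr '\n' ' ')"
echo "bash /dev/tcp: $(bash_dev_tcp)"
```

A host that reports `enabled` keeps the sender side of the transfer shown above even with the netcat package gone, which is the point to raise when a package blocklist is proposed as a control.
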
The reason they decided to remove netcat is that they "found" out netcat is hacker's tool via a google search :-). I explained to the "security" team that it really depends on how they want to define hacker's tool. Technically, I do not mind removing a package if there is a good reason, I fail to see the reasoning. Hence, I am interested to know whether anyone has removed netcat and subsequently removed the yast2 stuff.
RBW
--- Roman Drahtmueller <draht@novell.com> wrote:
> > Does anyone remove netcat from their environment?
> > Our security team likes to have netcat removed from SLES 9, however, the yast2 rpm depends on netcat. I am interested to know what functionalities I may lose in administrating the systems. I understand I will not be able to use yast, but I think I can manually update the config files, and do most of everything in command line, right?
> > Thank you.
> > RBW
> What I don't understand quite is what the benefit would be from removing the netcat program/package. It takes about 10 lines of C code to listen on a network socket, and if you have intruded a system, you'll be able to do things independently from the presence of a netcat program.
> In addition to that: Try
>     netcat -lp 20000 | tar xfvvp -
> on the target system (here called t200), then run (on the sender system):
>     tar cfvv - some_files_you_want_to_be_transferred > /dev/tcp/t200/20000
> and watch the probably fastest file transfer on a linux system in action. You have to be using a bash on the sender system for the /dev/tcp function, which is a bash feature. Means: It's not so easy to get rid of the useful functions of a linux system.
> Roman.
> --
> Check the headers for your unsubscription address
> For additional commands, e-mail: suse-security-help@suse.com
> Security-related bug reports go to security@suse.de, not here
> The reason they decided to remove netcat is that they "found" out netcat is hacker's tool via a google search :-).
IIRC some popular virus scanners even warn(ed) about netcat being a "remote access tool" or "unwanted program" :-)
--
Michel Messerschmidt, lists@michel-messerschmidt.de
On Wed, 27 Jul 2005, Michel Messerschmidt wrote:
> > The reason they decided to remove netcat is that they "found" out netcat is hacker's tool via a google search :-).
> IIRC some popular virus scanners even warn(ed) about netcat being a "remote access tool" or "unwanted program" :-)
You mean the ones which are programmed by the same people who are so paranoid that they think that every muslim is a terrorist? :-|
netcat is a "knife" with which you can "cut" error sources but also can "kill" servers; which certainly happens much more often than any other usage (sigh!). Bad bad Baaaaad! %-|
This world is going mad these days which is very hard for someone who stays normal a little bit longer than most others...
Regards from the still normal Henning Hucke
PS: Honestly I would refuse to remove "netcat". Honestly I would easily recommend to remove Yast which I rate as being a much bigger threat to the working safety of a Linux installation than netcat.
--
It is a profitable thing, if one is wise, to seem foolish. -- Aeschylus
There are obvious possibilities with Netcat if used incorrectly, if this is the company Security Policy then I would imagine that there are examples of a running system in your organization where Netcat has been removed. Also anything with a dependency on netcat will cease to function correctly.
----- Original Message -----
From: "Henning Hucke" <h_hucke@aeon.icebear.org>
To: <suse-security@suse.com>
Sent: Wednesday, July 27, 2005 10:03 AM
Subject: [suse-security] Re: removing netcat
On Wed, 27 Jul 2005, Michel Messerschmidt wrote:
> > The reason they decided to remove netcat is that they "found" out netcat is hacker's tool via a google search :-).
> IIRC some popular virus scanners even warn(ed) about netcat being a "remote access tool" or "unwanted program" :-)
You mean the ones which are programmed by the same people who are so paranoid that they think that every muslim is a terrorist? :-|
netcat is a "knife" with which you can "cut" error sources but also can "kill" servers; which certainly happens much more often than any other usage (sigh!). Bad bad Baaaaad! %-|
This world is going mad these days which is very hard for someone who stays normal a little bit longer than most others...
Regards from the still normal Henning Hucke
PS: Honestly I would refuse to remove "netcat". Honestly I would easily recommend to remove Yast which I rate as being a much bigger threat to the working safety of a Linux installation than netcat.
--
It is a profitable thing, if one is wise, to seem foolish. -- Aeschylus
On Wed, 27 Jul 2005, Andre Venter wrote:
> There are obvious possibilities with Netcat if used incorrectly, if this is the company Security Policy then I would imagine that there are examples of a running system in your organization where Netcat has been removed. Also anything with a dependency on netcat will cease to function correctly.
((Please don't write TAFB (Text above. Full quote below). Please don't answer to the list /and/ the author. Please don't prefix the subject with this shitty "[suse-security]" nor do it on any other mailing list. There are much more suitable headers in mailing list mails to sort with than the subject header!))
It is indeed quite often the case that a company has such a security policy. But what I mean is that such an incarnation of a security policy is rubbish.
Imagine a VIP disco (for the case that "disco" is uncommon: A place where loud music is played and where the drinks are expensive) where your girlfriend's pocket is checked for knives but your jacket not for guns. You remove the obvious knife "netcat" but don't even check the jacket "yast" for a gun where "gun" might even mean that it does changes somewhere where you wouldn't want it to change things if you would know about it... (Certainly "gun" could also mean that there are trojans or security holes in this monster application)
Regards
Henning Hucke
--
TAX OFFICE: Den of inequity.
I think Henning's post may be a thread for a discussion forum for security policies, but I do understand the objection to incomplete security policies? I would have to agree, it would be ineffective to look at only one part of the potential vulnerability.
Apologies, I should have been more clear. To Answer Brian's question, what I meant was that you can find out what has a dependency on netcat by starting the removal process in yast, it'll tell you what, other than yast2, has a dependency. If there's another machine in the organization that already has netcat removed you could ask its operator what is missed. Sometimes a Security Tech / Admin's arm can be twisted a bit if you have a specific need for an application, usually with conditions though.
> It is indeed quite often the case that a company has such a security policy. But what I mean is that such an incarnation of a security policy is rubbish.
> Imagine a VIP disco (for the case that "disco" is uncommon: A place where loud music is played and where the drinks are expensive) where your girlfriend's pocket is checked for knives but your jacket not for guns. You remove the obvious knife "netcat" but don't even check the jacket "yast" for a gun where "gun" might even mean that it does changes somewhere where you wouldn't want it to change things if you would know about it... (Certainly "gun" could also mean that there are trojans or security holes in this monster application)
On Wed, Jul 27, 2005 at 12:08:00PM +0200, Andre Venter wrote:
> There are obvious possibilities with Netcat if used incorrectly, if this is the company Security Policy then I would imagine that there are examples of a running system in your organization where Netcat has been removed. Also anything with a dependency on netcat will cease to function correctly.
This is just retarded. Netcat is about as harmful as Vim. If you remove Netcat you might as well nab Vim and Emacs too. That way when you get hacked they don't have anything to mod system files or deface the web servers. This is assuming they are the only two text editors you have installed. I don't allow any others on my server. If you can't do it in Emacs or Vim, you're not qualified to do it.
While you're doing this you may want to remove find too. That's very dangerous, heh, defaced a few things using find to nab what I wanted in a shell script.
If you really want to lock a server down, open YAST and apply the security updates, then use it to mod the firewall. After that use it again to lock down the security policy on the server in question. Removing it is just stupid.
> ----- Original Message -----
> From: "Henning Hucke" <h_hucke@aeon.icebear.org>
> To: <suse-security@suse.com>
> Sent: Wednesday, July 27, 2005 10:03 AM
> Subject: [suse-security] Re: removing netcat
> On Wed, 27 Jul 2005, Michel Messerschmidt wrote:
> > > The reason they decided to remove netcat is that they "found" out netcat is hacker's tool via a google search :-).
> > IIRC some popular virus scanners even warn(ed) about netcat being a "remote access tool" or "unwanted program" :-)
They figure all customers are idiots.
> You mean the ones which are programmed by the same people who are so paranoid that they think that every muslim is a terrorist? :-|
> netcat is a "knife" with which you can "cut" error sources but also can "kill" servers; which certainly happens much more often than any other usage (sigh!). Bad bad Baaaaad! %-|
Better take out Nmap too. Just because it tells you if you have any services listening doesn't mean you can't be naughty.
> This world is going mad these days which is very hard for someone who stays normal a little bit longer than most others...
> Regards from the still normal Henning Hucke
> PS: Honestly I would refuse to remove "netcat". Honestly I would easily recommend to remove Yast which I rate as being a much bigger threat to the working safety of a Linux installation than netcat.
YAST is the best admin tool I've ever seen or used. I'm wondering just how it is you think it's a threat in any nature other than "What you leave on the server, you leave for an attacker who roots you to use". Is it because they have a tool to mod the system with as opposed to using /etc to do the same thing?
> It is a profitable thing, if one is wise, to seem foolish. -- Aeschylus
Allen wrote:
> On Wed, Jul 27, 2005 at 12:08:00PM +0200, Andre Venter wrote:
> > There are obvious possibilities with Netcat if used incorrectly, if this is the company Security Policy then I would imagine that there are examples of a running system in your organization where Netcat has been removed. Also anything with a dependency on netcat will cease to function correctly.
> This is just retarded. Netcat is about as harmful as Vim. If you remove
What would interest me here is: Did they also demand to remove wget? wget is far more dangerous, as it can be used to download bad code to the server from remote.
Unfortunately, it's also used by yast for YOU. So, if you really want to break yast, de-install wget.
cheers,
Rainer
wget was never discussed because it was never installed in the first place. The reason I brought up netcat is that yast2 depends on netcat, hence the decision was to remove yast2 as well.
In my firm, security decides which packages stay, this is our first installation.
--- Rainer Duffner <rainer@ultra-secure.de> wrote:
> What would interest me here is: Did they also demand to remove wget? wget is far more dangerous, as it can be used to download bad code to the server from remote.
> Unfortunately, it's also used by yast for YOU. So, if you really want to break yast, de-install wget.
> cheers,
> Rainer
On Sat, Jul 30, 2005 at 09:15:23PM -0700, Bill Wilson wrote:
> wget was never discussed because it was never installed in the first place. The reason I brought up netcat is that yast2 depends on netcat, hence the decision was to remove yast2 as well.
> In my firm, security decides which packages stay, this is our first installation.
Don't you mean gross stupidity decides?
> --- Rainer Duffner <rainer@ultra-secure.de> wrote:
> > What would interest me here is: Did they also demand to remove wget? wget is far more dangerous, as it can be used to download bad code to the server from remote.
> > Unfortunately, it's also used by yast for YOU. So, if you really want to break yast, de-install wget.
> > cheers,
> > Rainer