manually uninstall bash - FreeBSD

I have an isolated FreeBSD server that cannot reach the Internet.  How to manually uninstall bash from FreeBSD?
PeredaAsked:
Who is Participating?

[Product update] Infrastructure Analysis Tool is now available with Business Accounts.Learn More

x
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

Gerwin Jansen, EE MVETopic Advisor Commented:
Really uninstall? Or will moving it just be sufficient?

Like: # mv /bin/bash /bin/bash.removed - assuming that you have bash installed in /bin
PeredaAuthor Commented:
really uninstall.  I moved the files as well and I think the scanner picked up on binary or maybe some ".so"
PeredaAuthor Commented:
I should have been able to do a pkg rm, but pkg was and cannot be implemented.
Become a CompTIA Certified Healthcare IT Tech

This course will help prep you to earn the CompTIA Healthcare IT Technician certification showing that you have the knowledge and skills needed to succeed in installing, managing, and troubleshooting IT systems in medical and clinical settings.

Gerwin Jansen, EE MVETopic Advisor Commented:
>> scanner
What scanner?
PeredaAuthor Commented:
company scanner that looks for compliance with security policies.
serialbandCommented:
From  http://www.linuxfromscratch.org/lfs/view/6.6/appendices/dependencies.html
Bash
Installation depends on: Bash, Binutils, Bison, Coreutils, Diffutils, Gawk, GCC, Glibc, Grep, Make, Ncurses, Patch, Readline, Sed, and Texinfo

Bash has been patched.  No need to remove it.  Are they going to remove all IE because there are security holes in IE6?
Gerwin Jansen, EE MVETopic Advisor Commented:
>> I have an isolated FreeBSD server that cannot reach the Internet.
So it's isolated and the company scanner still decides that bash has to be removed?

Since it's isolated there should be no need to remove bash, even if it were vulnerable. Lots of companies still run Windows NT or NXP behind a firewall.
gheistCommented:
pkg_delete bash\*
serialbandCommented:
Don't actually delete bash unless you have another shell that you can use.
gheistCommented:
default is csh, and pdksh is also enabled.
bash is only installable extra package.

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
serialbandCommented:
Probably tcsh instead of csh these days.

He'd have to make sure all accounts aren't set to bash and remove it from /etc/shells.
PeredaAuthor Commented:
Thank you for the feedback.   Particularly the /etc/shells.  Unfortunately, I cannot use the pkg command on these servers.
gheistCommented:
How you got bash there withoutp PKG ?
Gerwin Jansen, EE MVETopic Advisor Commented:
That was my thought as well about the system being disconnected from the internet or the need for uninstalling (or not).
serialbandCommented:
I still don't understand what the scanner found.  Was it an unpatched bash?  You can download the source from another system, compile it, then copy the new bash into place.
PeredaAuthor Commented:
I actually deleted bash for now.

find / -type f -name bash* -exec ls -l {} \;  # to make sure I wasn't going to delete anything not intended.
find / -type f -name bash* -exec rm -f {} \;  # to actually remove all references to bash
find / -type f -name bash* -exec ls -l {} \;  # to make sure the previous command was successful
sudo su bash # to validate what should be obvious (there is no bash to actually execute).

I originally chmod 000 all instances of bin/bash, but the scanner still identified the binary.

Scanners are used to baseline our security.  Since I was not going to sneaker net a cd, I figured I would just remove bash all together.  We only use these servers for tcpdump.

P.S.  Where's the spell check. :)
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Unix OS

From novice to tech pro — start learning today.