manually uninstall bash - FreeBSD

Pereda asked:
I have an isolated FreeBSD server that cannot reach the Internet.  How to manually uninstall bash from FreeBSD?

Gerwin Jansen, EE MVE, Topic Advisor
Most Valuable Expert 2016

Commented:
Really uninstall? Or will moving it just be sufficient?

Like: # mv /bin/bash /bin/bash.removed - assuming that you have bash installed in /bin

Author

Commented:
Really uninstall.  I moved the files as well, and I think the scanner picked up on the binary or maybe some ".so".

Author

Commented:
I should have been able to do a pkg rm, but pkg was not and cannot be implemented.
Gerwin Jansen, EE MVE, Topic Advisor
Most Valuable Expert 2016

Commented:
>> scanner
What scanner?

Author

Commented:
Company scanner that looks for compliance with security policies.
From http://www.linuxfromscratch.org/lfs/view/6.6/appendices/dependencies.html
Bash
Installation depends on: Bash, Binutils, Bison, Coreutils, Diffutils, Gawk, GCC, Glibc, Grep, Make, Ncurses, Patch, Readline, Sed, and Texinfo

Bash has been patched.  No need to remove it.  Are they going to remove all IE because there are security holes in IE6?
Gerwin Jansen, EE MVE, Topic Advisor
Most Valuable Expert 2016

Commented:
>> I have an isolated FreeBSD server that cannot reach the Internet.
So it's isolated and the company scanner still decides that bash has to be removed?

Since it's isolated there should be no need to remove bash, even if it were vulnerable. Lots of companies still run Windows NT or XP behind a firewall.
Top Expert 2015

Commented:
pkg_delete bash\*
Don't actually delete bash unless you have another shell that you can use.
Top Expert 2015
Commented:
Default is csh, and pdksh is also enabled.
bash is only an installable extra package.
Probably tcsh instead of csh these days.

He'd have to make sure all accounts aren't set to bash and remove it from /etc/shells.
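
Added example (not part of the original thread): a pre-removal check for the point above, listing accounts whose login shell is bash and the bash entries left in /etc/shells. The function names, the temporary directory and the sample passwd/shells contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: pre-removal audit for bash on a host without pkg tooling.
# File arguments default to the live system; the sample data below is constructed.

# Login names whose shell (field 7 of passwd(5)) is a bash binary.
bash_accounts() {
    awk -F: '$1 !~ /^#/ && $7 ~ /(^|\/)bash$/ { print $1 }' "${1:-/etc/passwd}"
}

# Entries in shells(5) that still list bash; comments and trailing blanks ignored.
bash_shell_entries() {
    awk '{ sub(/#.*/, ""); sub(/[ \t]+$/, "") } /(^|\/)bash$/' "${1:-/etc/shells}"
}

# The shells file with its bash entries dropped; every other line is kept as is.
shells_without_bash() {
    awk '{ l = $0; sub(/#.*/, "", l); sub(/[ \t]+$/, "", l) }
         l !~ /(^|\/)bash$/' "${1:-/etc/shells}"
}

# Exit status 0 only when no account and no shells entry still refers to bash.
safe_to_remove_bash() {
    users=$(bash_accounts "$1")
    entries=$(bash_shell_entries "$2")
    if [ -n "$users" ]; then echo "login shell is bash:" $users >&2; fi
    if [ -n "$entries" ]; then echo "listed in shells:" $entries >&2; fi
    [ -z "$users$entries" ]
}

# Constructed sample files (not taken from any real host).
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/passwd" <<'EOF'
# $FreeBSD$
root:*:0:0:Charlie &:/root:/bin/csh
capture:*:1001:1001:tcpdump operator:/home/capture:/usr/local/bin/bash
backup:*:1002:1002:backup job:/home/backup:/bin/sh
EOF
cat > "$SAMPLE/shells" <<'EOF'
# List of acceptable shells for chpass(1).
/bin/sh
/bin/csh
/bin/tcsh
/usr/local/bin/bash   # constructed entry
EOF

safe_to_remove_bash "$SAMPLE/passwd" "$SAMPLE/shells" || echo "not safe yet"
shells_without_bash "$SAMPLE/shells"
```

Called with no arguments, the functions read /etc/passwd and /etc/shells on the host itself; the output of shells_without_bash is meant to be reviewed before it replaces the real file.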

Author

Commented:
Thank you for the feedback.   Particularly the /etc/shells.  Unfortunately, I cannot use the pkg command on these servers.
Top Expert 2015

Commented:
How did you get bash there without PKG?
Gerwin Jansen, EE MVE, Topic Advisor
Most Valuable Expert 2016

Commented:
That was my thought as well about the system being disconnected from the internet or the need for uninstalling (or not).
I still don't understand what the scanner found.  Was it an unpatched bash?  You can download the source from another system, compile it, then copy the new bash into place.

Author

Commented:
I actually deleted bash for now.

find / -type f -name 'bash*' -exec ls -l {} \;  # to make sure I wasn't going to delete anything not intended.
find / -type f -name 'bash*' -exec rm -f {} \;  # to actually remove all references to bash
find / -type f -name 'bash*' -exec ls -l {} \;  # to make sure the previous command was successful
sudo su bash # to validate what should be obvious (there is no bash to actually execute).

I originally chmod 000 all instances of bin/bash, but the scanner still identified the binary.

Scanners are used to baseline our security.  Since I was not going to sneakernet a CD, I figured I would just remove bash altogether.  We only use these servers for tcpdump.

P.S.  Where's the spell check. :)