Uninstall sshd

[Peter_APIIT]

How to uninstall the sshd or other base program (FTP, httpd)?

Thanks.

[jggimi]

$ man rm

[Oko]

Quote:

Originally Posted by jggimi

$ man rm

Is it that simple? OP has actually asked an interesting question. How do you safely remove all tentacles of a SSH from the base of OpenBSD? I have no idea why would somebody want to do that but it is an interesting exercise.

[shep]

Quote:

Originally Posted by Peter_APIIT

How to uninstall the sshd or other base program (FTP, httpd)?

One of the major attractions of OpenBSD is that the base programs receive a level of code audits, for both security and bugs, that is is unmatched by other OpenSource projects. These base programs receive security patches throughout the life of the release.

When all else fails - these are the "goto programs". You might be better served by learning how to turn them on/off rather than "uninstalling" them.

$ man rc.conf.local

[jggimi]

I don't see this as interesting. I see it as a complete waste of time.

It reduces the functionality of a system for no obvious operational benefit. It will not prevent an intruder from intruding, if there is a way in. Once in... any tools needed can be installed from outside.

Any intruder who can access a shell, or who has the ability to issue exec(3) / fork(2), can install anything they want. Network tools, compilers, and utilities of all kinds. I doubt Peter has discovered noexec filesystems, but they would be needed after he deletes all the utilities he fears might be exploited by intruders.

But if the intruder has root access, then they can mount their own vnode(9), circumventing noexec. Or just remount, eliminating the option. Even securelevel=2, which Peter previously deployed, can't prevent this.

[bashrules]

Quote:

Originally Posted by jggimi

It reduces the functionality of a system for no obvious operational benefit.

Perhaps he just wants to have on his system what he is actually using. That doesn't sound wrong, does it?

[jggimi]

It's his system; he can do -- and he does -- whatever he wants. But with few exceptions (pppoe, Gnome), Peter's questions here have been focused on his perceived risks and his perceived threats.

This does little to eliminate real threats, should any exist. And he'll have to do it again, should he upgrade or reinstall.

Meanwhile, Peter is still running -release, and to the best of my knowledge, he has not applied any of the 14 published errata patches -- 9 of which address actual, confirmed security issues. If he has not done so, then this is where his attention should be focused, instead of on what I see as imaginative but otherwise useless risk mitigation strategies.

[Peter_APIIT]

Quote:

Originally Posted by jggimi

I don't see this as interesting. I see it as a complete waste of time.

It reduces the functionality of a system for no obvious operational benefit. It will not prevent an intruder from intruding, if there is a way in. Once in... any tools needed can be installed from outside.

Any intruder who can access a shell, or who has the ability to issue exec(3) / fork(2), can install anything they want. Network tools, compilers, and utilities of all kinds. I doubt Peter has discovered noexec filesystems, but they would be needed after he deletes all the utilities he fears might be exploited by intruders.

But if the intruder has root access, then they can mount their own vnode(9), circumventing noexec. Or just remount, eliminating the option. Even securelevel=2, which Peter previously deployed, can't prevent this.

This opinion is very valuable to me. You are absolutely right. I had just discovered my .serverauth profile was deleted and unable to startx xfce anymore. This is the evidence of being hacked. Perhaps i should start another thread to discuss this issue.

EDIT:

How to remove some command which are not used?