Peda, Allan (NYC-GIS)
2019-Jun-24 13:07 UTC
[CentOS] Vulnerabilities to bind-libs bind-utils - possible to remove these on webservers
I think the subject says it all. We don't run named. It seems there are chronic issues with bind. Can these packages be removed? We locally authenticate. I see this: Removing for dependencies: bind-utils ipa-client sssd sssd-ad sssd-ipa We shouldn't need any of that with local authentication (/etc passwd and /etc/shadow) right? This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much.
Mauricio Tavares
2019-Jun-24 13:20 UTC
[CentOS] Vulnerabilities to bind-libs bind-utils - possible to remove these on webservers
On Mon, Jun 24, 2019 at 9:07 AM Peda, Allan (NYC-GIS) <Allan.Peda at interpublic.com> wrote:> > I think the subject says it all. We don't run named. It seems there are chronic issues with bind. Can these packages be removed? > > We locally authenticate. I see this: > > Removing for dependencies: > bind-utils > ipa-client > sssd > sssd-ad > sssd-ipa > > We shouldn't need any of that with local authentication (/etc passwd and /etc/shadow) right? >Which packages installed them as dependencies?> > This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much. > _______________________________________________ > CentOS mailing list > CentOS at centos.org > https://lists.centos.org/mailman/listinfo/centos
mark
2019-Jun-24 13:41 UTC
[CentOS] Vulnerabilities to bind-libs bind-utils - possible to remove these on webservers
Peda, Allan (NYC-GIS) wrote:> I think the subject says it all. We don't run named. It seems there are > chronic issues with bind. Can these packages be removed? > > We locally authenticate. I see this: > > Removing for dependencies: > bind-utils ipa-client sssd sssd-ad sssd-ipa > > We shouldn't need any of that with local authentication (/etc passwd and > /etc/shadow) right?Are you running sssd? Are you connected to the AD? mark (we do, and we are)
Peda, Allan (NYC-GIS)
2019-Jun-24 15:49 UTC
[CentOS] Vulnerabilities to bind-libs bind-utils - possible to remove these on webservers
I just tried out removal of bind-utils on a soon to be retired machine. It seems fine with the caveat that we lose /bin/host and /bin/dig Perhaps a perl script might suffice to emulate 'host' on machines that might need the occasional networking debug session. Just typed this up, so FWIW: use Net::DNS; my $res = Net::DNS::Resolver->new(); my $sought = $ARGV[0]; my $a_query = $res->search($sought); if ($a_query) { foreach my $rr ($a_query->answer) { if( $rr->type eq 'A' ){ printf("%s has address %s\n", $sought, $rr->address); } elsif( $rr->type eq 'CNAME' ){ printf("%s is an alias for %s\n", $sought, $rr->cname); $sought = $rr->cname; } } } else { warn "Unable to obtain a record for $ARGV[0]: ", $res->errorstring, "\n"; } ?On 6/24/19, 10:02 AM, "CentOS on behalf of mark" <centos-bounces at centos.org on behalf of m.roth at 5-cent.us> wrote: Peda, Allan (NYC-GIS) wrote: > I think the subject says it all. We don't run named. It seems there are > chronic issues with bind. Can these packages be removed? > > We locally authenticate. I see this: > > Removing for dependencies: > bind-utils ipa-client sssd sssd-ad sssd-ipa > > We shouldn't need any of that with local authentication (/etc passwd and > /etc/shadow) right? Are you running sssd? Are you connected to the AD? mark (we do, and we are) _______________________________________________ CentOS mailing list CentOS at centos.org https://urldefense.proofpoint.com/v2/url?u=https-3A__lists.centos.org_mailman_listinfo_centos&d=DwICAg&c=Ftw_YSVcGmqQBvrGwAZugGylNRkk-uER0-5bY94tjsc&r=Tou2GfskafF_UnC0yPjAjEzLDhbALx-0EDoLp3_iSss&m=a3ZtigkKfdV2C-tKLDVYICLN8wbT_4sjV2wJ41VSGK8&s=IN9NvDKi-LGcoVnrMKW6KR7GRFUcA0OT_SQ4UEaDmb0&e= This message contains information which may be confidential and privileged. Unless you are the intended recipient (or authorized to receive this message for the intended recipient), you may not use, copy, disseminate or disclose to anyone the message or any information contained in the message. If you have received the message in error, please advise the sender by reply e-mail, and delete the message. Thank you very much.
Possibly Parallel Threads
- Vulnerabilities to bind-libs bind-utils - possible to remove these on webservers
- Chronic parsing date range in console but not in application in rails 3
- Chronic parse problem?
- undefined method `gsub!' for 2012-01-22 17:00:00 -0500..2012-01-23 00:00:00 -0500:Chronic::Span
- Easy Date question - newb