7 Mar
2013
7 Mar
'13
5:49 a.m.
On 2 March 2013 06:44, Larry Barber <lebarber at gmail.com> wrote:
It could allow bogus reports to be sent to the Xymon server, maybe hiding something malicious.
I can do that using telnet, or in the absence of telnet, I can use bash. The binaries make it slightly more convenient, that's all.
Also, a lot of security scans will pick up on things that are world executable and not in one of the standard directories (like /usr/bin, /bin, etc.).
Really! Why? I've never seen this, except when the script is also world-writeable. What security scanner(s) are you referring to?
Lots of users write their own scripts and keep them in their home directories. Sysadmins write scripts like this all the time. I'm not sure this is a useful security stance.
J