---
title: Utilities
---

# Utilities

- **busybox**: Software that provides several stripped-down Unix tools in a
  single executable file. A "production" build of **busybox** must be used so
  that the tools useful only in development mode are not included.

<!-- section-config -->

Domain               | `Tool` name | _State_
-------------------- | ----------- | ----------------------------------------------------------------------
Platform-Utilities-1 | `busybox`   | _Used_ to provide a number of tools. Do not compile development tools.

<!-- end-section-config -->

## Functionalities to exclude in production mode

In production mode, a number of tools must be disabled so that an attacker
cannot use them, for example to find logs. This limits the visible surface and
thus complicates the fault-finding process. The tools used only in development
mode are marked by an '**agl-devel**' feature. When building in production mode,
these tools will not be compiled.

<!-- section-config -->

Domain                | `Utility` name and normal `path`                     | _State_
--------------------- | ---------------------------------------------------- | ----------
Platform-Utilities-1  | `chgrp` in `/bin/chgrp`                              | _Disabled_
Platform-Utilities-2  | `chmod` in `/bin/chmod`                              | _Disabled_
Platform-Utilities-3  | `chown` in `/bin/chown`                              | _Disabled_
Platform-Utilities-4  | `dmesg` in `/bin/dmesg`                              | _Disabled_
Platform-Utilities-5  | `dnsdomainname` in `/bin/dnsdomainname`              | _Disabled_
Platform-Utilities-6  | `dropbear`, Remove "dropbear" from `/etc/init.d/rcs` | _Disabled_
Platform-Utilities-7  | `Editors` in (vi) `/bin/vi`                          | _Disabled_
Platform-Utilities-8  | `find` in `/bin/find`                                | _Disabled_
Platform-Utilities-9  | `gdbserver` in `/bin/gdbserver`                      | _Disabled_
Platform-Utilities-10 | `hexdump` in `/bin/hexdump`                          | _Disabled_
Platform-Utilities-11 | `hostname` in `/bin/hostname`                        | _Disabled_
Platform-Utilities-12 | `install` in `/bin/install`                          | _Disabled_
Platform-Utilities-13 | `iostat` in `/bin/iostat`                            | _Disabled_
Platform-Utilities-14 | `killall` in `/bin/killall`                          | _Disabled_
Platform-Utilities-15 | `klogd` in `/sbin/klogd`                             | _Disabled_
Platform-Utilities-16 | `logger` in `/bin/logger`                            | _Disabled_
Platform-Utilities-17 | `lsmod` in `/sbin/lsmod`                             | _Disabled_
Platform-Utilities-18 | `pmap` in `/bin/pmap`                                | _Disabled_
Platform-Utilities-19 | `ps` in `/bin/ps`                                    | _Disabled_
Platform-Utilities-20 | `ps` in `/bin/ps`                                    | _Disabled_
Platform-Utilities-21 | `rpm` in `/bin/rpm`                                  | _Disabled_
Platform-Utilities-22 | `SSH`                                                | _Disabled_
Platform-Utilities-23 | `stbhotplug` in `/sbin/stbhotplug`                   | _Disabled_
Platform-Utilities-24 | `strace` in `/bin/trace`                             | _Disabled_
Platform-Utilities-25 | `su` in `/bin/su`                                    | _Disabled_
Platform-Utilities-26 | `syslogd` in (logger) `/bin/logger`                  | _Disabled_
Platform-Utilities-27 | `top` in `/bin/top`                                  | _Disabled_
Platform-Utilities-28 | `UART` in `/proc/tty/driver/`                        | _Disabled_
Platform-Utilities-29 | `which` in `/bin/which`                              | _Disabled_
Platform-Utilities-30 | `who` and `whoami` in `/bin/whoami`                  | _Disabled_
Platform-Utilities-31 | `awk` (busybox)                                      | _Enabled_
Platform-Utilities-32 | `cut` (busybox)                                      | _Enabled_
Platform-Utilities-33 | `df` (busybox)                                       | _Enabled_
Platform-Utilities-34 | `echo` (busybox)                                     | _Enabled_
Platform-Utilities-35 | `fdisk` (busybox)                                    | _Enabled_
Platform-Utilities-36 | `grep` (busybox)                                     | _Enabled_
Platform-Utilities-37 | `mkdir` (busybox)                                    | _Enabled_
Platform-Utilities-38 | `mount` (vfat) (busybox)                             | _Enabled_
Platform-Utilities-39 | `printf` (busybox)                                   | _Enabled_
Platform-Utilities-40 | `sed` in `/bin/sed` (busybox)                        | _Enabled_
Platform-Utilities-41 | `tail` (busybox)                                     | _Enabled_
Platform-Utilities-42 | `tee` (busybox)                                      | _Enabled_
Platform-Utilities-43 | `test` (busybox)                                     | _Enabled_

<!-- end-section-config --> <!-- section-note -->

The _Enabled_ Unix/Linux utilities above shall be permitted as they are often
used in the start-up scripts and for USB logging. If any of these utilities are
not required by the device, they should be removed.

<!-- end-section-note -->
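
The two tables above can be checked against an unpacked production image. The shell functions below are an added example, not part of the AGL documentation or tooling: they assume a rootfs extracted to a directory and busybox applets installed as symlinks to a `busybox` binary, and the function names are hypothetical. Rows that name no binary path (`dropbear`, `SSH`, `UART`) are not covered.

```shell
# Added example: audit an unpacked rootfs against the two tables above.
# Paths are the "Disabled" rows that name a binary, spelled as in the table.
DISABLED_PATHS="/bin/chgrp /bin/chmod /bin/chown /bin/dmesg /bin/dnsdomainname
/bin/vi /bin/find /bin/gdbserver /bin/hexdump /bin/hostname /bin/install
/bin/iostat /bin/killall /sbin/klogd /bin/logger /sbin/lsmod /bin/pmap /bin/ps
/bin/rpm /sbin/stbhotplug /bin/trace /bin/su /bin/top /bin/which /bin/whoami"
# Applet names from the "Enabled" rows.
ENABLED_APPLETS="awk cut df echo fdisk grep mkdir mount printf sed tail tee test"

# Print each disabled utility still present under the rootfs directory $1.
find_disabled() {
    root=$1
    for p in $DISABLED_PATHS; do
        # -L also catches symlinks whose target does not resolve on the host
        if [ -e "$root$p" ] || [ -L "$root$p" ]; then echo "$p"; fi
    done
}

# Print busybox applet links whose name is not in the "Enabled" rows.
# A shell link such as sh is reported too, since the table does not list it;
# treat the output as a review list for the device.
find_extra_applets() {
    root=$1
    for link in "$root"/bin/* "$root"/sbin/* "$root"/usr/bin/* "$root"/usr/sbin/*; do
        [ -L "$link" ] || continue
        case $(readlink "$link") in
            busybox|busybox.*|*/busybox|*/busybox.*) ;;
            *) continue ;;
        esac
        name=${link##*/}
        case " $ENABLED_APPLETS " in
            *" $name "*) ;;
            *) echo "${link#"$root"}" ;;
        esac
    done
}

# Return 0 only when nothing is reported; otherwise list the findings.
audit_rootfs() {
    bad=$(find_disabled "$1"; find_extra_applets "$1")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad" | sort -u
    return 1
}
```

Run `audit_rootfs /path/to/rootfs` as a post-build step and fail the production build on a non-zero status.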