docs/2_Architecture_Guides/2.2_Security_Blueprint/5_Platform/1.2.5.6_Utilities.md

   1 ---
   2 edit_link: ''
   3 title: Utilities
   4 origin_url: >-
   5   https://raw.githubusercontent.com/automotive-grade-linux/docs-sources/master/docs/security-blueprint/part-5/6-Utilities.md
   6 ---
   7
   8 <!-- WARNING: This file is generated by fetch_docs.js using /home/boron/Documents/AGL/docs-webtemplate/site/_data/tocs/architecture/master/security_blueprint-security-blueprint-book.yml -->
   9
  10 # Utilities
  11
  12 - **busybox**: Software that provides several stripped-down Unix tools in a
  13   single executable file. Of course, it will be necessary to use a "production"
  14   version of **busybox** in order to avoid all the tools useful only in
  15   development mode.
  16
  17 <!-- section-config -->
  18
  19 Domain               | `Tool` name | _State_
  20 -------------------- | ----------- | ----------------------------------------------------------------------
  21 Platform-Utilities-1 | `busybox`   | _Used_ to provide a number of tools. Do not compile development tools.
  22
  23 <!-- end-section-config -->
  24
  25 ## Functionalities to exclude in production mode
  26
  27 In production mode, a number of tools must be disabled to prevent an attacker
  28 from finding logs for example. This is useful to limit the visible surface and
  29 thus complicate the fault finding process. The tools used only in development
  30 mode are marked by an '**agl-devel**' feature. When building in production mode,
  31 these tools will not be compiled.
  32
  33 <!-- section-config -->
  34
  35 Domain                | `Utility` name and normal `path`                     | _State_
  36 --------------------- | ---------------------------------------------------- | ----------
  37 Platform-Utilities-1  | `chgrp` in `/bin/chgrp`                              | _Disabled_
  38 Platform-Utilities-2  | `chmod` in `/bin/chmod`                              | _Disabled_
  39 Platform-Utilities-3  | `chown` in `/bin/chown`                              | _Disabled_
  40 Platform-Utilities-4  | `dmesg` in `/bin/dmesg`                              | _Disabled_
  41 Platform-Utilities-5  | `Dnsdomainname` in `/bin/dnsdomainname`              | _Disabled_
  42 Platform-Utilities-6  | `dropbear`, Remove "dropbear" from `/etc/init.d/rcs` | _Disabled_
  43 Platform-Utilities-7  | `Editors` in (vi) `/bin/vi`                          | _Disabled_
  44 Platform-Utilities-8  | `find` in `/bin/find`                                | _Disabled_
  45 Platform-Utilities-9  | `gdbserver` in `/bin/gdbserver`                      | _Disabled_
  46 Platform-Utilities-10 | `hexdump` in `/bin/hexdump`                          | _Disabled_
  47 Platform-Utilities-11 | `hostname` in `/bin/hostname`                        | _Disabled_
  48 Platform-Utilities-12 | `install` in `/bin/install`                          | _Disabled_
  49 Platform-Utilities-13 | `iostat` in `/bin/iostat`                            | _Disabled_
  50 Platform-Utilities-14 | `killall` in `/bin/killall`                          | _Disabled_
  51 Platform-Utilities-15 | `klogd` in `/sbin/klogd`                             | _Disabled_
  52 Platform-Utilities-16 | `logger` in `/bin/logger`                            | _Disabled_
  53 Platform-Utilities-17 | `lsmod` in `/sbin/lsmod`                             | _Disabled_
  54 Platform-Utilities-18 | `pmap` in `/bin/pmap`                                | _Disabled_
  55 Platform-Utilities-19 | `ps` in `/bin/ps`                                    | _Disabled_
  56 Platform-Utilities-20 | `ps` in `/bin/ps`                                    | _Disabled_
  57 Platform-Utilities-21 | `rpm` in `/bin/rpm`                                  | _Disabled_
  58 Platform-Utilities-22 | `SSH`                                                | _Disabled_
  59 Platform-Utilities-23 | `stbhotplug` in `/sbin/stbhotplug`                   | _Disabled_
  60 Platform-Utilities-24 | `strace` in `/bin/trace`                             | _Disabled_
  61 Platform-Utilities-25 | `su` in `/bin/su`                                    | _Disabled_
  62 Platform-Utilities-26 | `syslogd` in (logger) `/bin/logger`                  | _Disabled_
  63 Platform-Utilities-27 | `top` in `/bin/top`                                  | _Disabled_
  64 Platform-Utilities-28 | `UART` in `/proc/tty/driver/`                        | _Disabled_
  65 Platform-Utilities-29 | `which` in `/bin/which`                              | _Disabled_
  66 Platform-Utilities-30 | `who` and `whoami` in `/bin/whoami`                  | _Disabled_
  67 Platform-Utilities-31 | `awk` (busybox)                                      | _Enabled_
  68 Platform-Utilities-32 | `cut` (busybox)                                      | _Enabled_
  69 Platform-Utilities-33 | `df` (busybox)                                       | _Enabled_
  70 Platform-Utilities-34 | `echo` (busybox)                                     | _Enabled_
  71 Platform-Utilities-35 | `fdisk` (busybox)                                    | _Enabled_
  72 Platform-Utilities-36 | `grep` (busybox)                                     | _Enabled_
  73 Platform-Utilities-37 | `mkdir` (busybox)                                    | _Enabled_
  74 Platform-Utilities-38 | `mount` (vfat) (busybox)                             | _Enabled_
  75 Platform-Utilities-39 | `printf` (busybox)                                   | _Enabled_
  76 Platform-Utilities-40 | `sed` in `/bin/sed` (busybox)                        | _Enabled_
  77 Platform-Utilities-41 | `tail` (busybox)                                     | _Enabled_
  78 Platform-Utilities-42 | `tee` (busybox)                                      | _Enabled_
  79 Platform-Utilities-43 | `test` (busybox)                                     | _Enabled_
  80
  81 <!-- end-section-config --> <!-- section-note -->
  82
  83 The _Enabled_ Unix/Linux utilities above shall be permitted as they are often
  84 used in the start-up scripts and for USB logging. If any of these utilities are
  85 not required by the device then those should be removed.
  86
  87 <!-- end-section-note -->