Remove busybox from buildroot
As part of Linux hardening we want to remove busybox from the filesystem created with buildroot.
But I am not sure if the system can boot without it.
I am quite sure that there are init files that depend on busybox.
Is it possible to boot without busybox or does it require a custom init?
Tags: boot busybox init buildroot hardening
asked 9 hours ago by ransh (edited 20 mins ago)
Is it for a bare metal system, a VM, or for a Docker container? busybox contains all the commands so it is not easy to remove. – xenoid, 9 hours ago
Which distribution? Why have you not made a test in a VM yet? – Rui F Ribeiro, 9 hours ago
What kind of system is it? Why do you think that removing a program would harden your system? – Gilles, 9 hours ago
It is for buildroot. I might have forgotten to mention it. I edited the question. – ransh, 6 hours ago
2 Answers
It all depends on whether your distro uses Busybox for init.

To point you in the right direction, run ls -l /sbin/init.

If you get something like the following (example from OpenWRT):

    ~# ls -l /sbin/init
    -rwxr-xr-x 1 root root 10824 Jan 31 2016 /sbin/init

It means init is a different application and you may be able to remove Busybox. You'll still need to replace all the commands init requires with alternatives as Busybox provides many tools required for booting successfully.

However, if you get (example from Alpine Linux):

    ~$ ls -l /sbin/init
    lrwxrwxrwx 1 root root 12 May 3 04:49 /sbin/init -> /bin/busybox

It means init is provided by Busybox and you'll not be able to boot unless you can replace Busybox's init with an alternative.

You have to consider whether you are really hardening your system by doing this as you'll end up replacing one binary with many.
answered 9 hours ago by garethTheRed (edited 8 hours ago)
Even if init itself isn't the one from Busybox, if a system has Busybox, it probably has other critical programs provided by Busybox, for example sh. – Gilles, 9 hours ago
@Gilles - edited and added as you commented :-) – garethTheRed, 9 hours ago
Using this solution, does buildroot provide the option to entirely remove busybox from buildroot? – ransh, 20 mins ago
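The `ls -l /sbin/init` check from the answer above, together with the point in the comment about `sh`, extended to every command in an unpacked root filesystem. This is an added example, not part of the original answers: the function names are hypothetical, the sample tree is constructed, and the BusyBox binary is assumed to live at /bin/busybox inside the rootfs.

```shell
# Added example: list the commands in an unpacked rootfs that BusyBox provides.

# Follow a symlink chain relative to ROOT, never onto the host filesystem.
resolve_in_root() {
    root=$1 path=$2 hops=0
    while [ -L "$root$path" ] && [ "$hops" -lt 16 ]; do
        target=$(readlink "$root$path")
        case $target in
            /*) path=$target ;;                     # absolute: relative to ROOT
            *)  path=$(dirname "$path")/$target ;;  # relative to the link's dir
        esac
        hops=$((hops + 1))
    done
    printf '%s\n' "$path"
}

# Print each command that is a symlink or hard link to busybox (assumed at /bin/busybox).
busybox_applets() {
    root=${1%/}
    for f in "$root"/bin/* "$root"/sbin/* "$root"/usr/bin/* "$root"/usr/sbin/*; do
        rel=${f#"$root"}
        if [ "${rel##*/}" = busybox ]; then
            continue
        elif [ -L "$f" ]; then
            final=$(resolve_in_root "$root" "$rel")
            if [ "${final##*/}" = busybox ]; then printf '%s\n' "$rel"; fi
        elif [ -f "$f" ] && [ "$f" -ef "$root/bin/busybox" ]; then
            printf '%s\n' "$rel"
        fi
    done
    return 0
}

# The boot-critical applets named on the page: init and sh.
boot_critical_applets() {
    busybox_applets "$1" | grep -E '^/s?bin/(init|sh)$' || true
}

# Constructed sample tree (not a real image) covering each link style.
make_sample_rootfs() {
    d=$(mktemp -d)
    mkdir -p "$d/bin" "$d/sbin" "$d/usr/bin"
    printf 'stub\n' > "$d/bin/busybox"; printf 'stub\n' > "$d/usr/bin/ssh"
    ln -s busybox "$d/bin/sh"; ln -s /bin/busybox "$d/sbin/init"
    ln -s ../../bin/busybox "$d/usr/bin/wget"; ln "$d/bin/busybox" "$d/bin/ls"
    printf '%s\n' "$d"
}

sample=$(make_sample_rootfs); boot_critical_applets "$sample"; rm -rf "$sample"
```

Run against a build's target directory, any path printed by `boot_critical_applets` has to be supplied by another package before BusyBox can be dropped from the image.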
I routinely delete busybox in my master template/Debian VMs.
As for Debian, it is a matter of not allowing it to install both the busybox and busybox-static packages.
You just have to keep in mind the recovery/rescue options will be more limited in a system without it. E.g. I might keep it on a physical system; I delete it as a norm from VMs to save space and under the Unix old golden rule of keeping the minimum of software installed.
At least speaking for Debian, the uninstall makes the necessary modifications in the background, and it is neither necessary to do any extra steps nor to customize anything.
answered 7 hours ago by Rui F Ribeiro
I forgot to mention that I use buildroot (just edited the question). So this solution may not be relevant in my case. – ransh, 6 hours ago