Hello,
As part of Proxmox Hardening I need to review the below binaries and make sure that SUID or SGID permissions are required. These were listed by some Debian 13 hardening audit script (https://github.com/ovh/debian-cis/tree/master | 6.1.13_find_suid_files.sh & 6.1.14_find_sgid_files.sh).
SUID
/usr/bin/fusermount3
/usr/bin/newgidmap
/usr/bin/newuidmap
/usr/bin/procmail
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/libexec/proxmox-mail-forward
/usr/sbin/mount.cifs
/usr/sbin/mount.nfs
SGID
/usr/bin/lockfile
/usr/bin/procmail
Can you please help with more information about these binaries? Are internally used by Proxmox VE 9 and the SUID or GUID permissions are required.
I searched more info online but I could not find any official documentation about each one of them. Can you lead me to some documentation?
I do not know if it's safe to remove the SUID\SGID from these binaries or to mark them as been safe.
Thanks!
As part of Proxmox Hardening I need to review the below binaries and make sure that SUID or SGID permissions are required. These were listed by some Debian 13 hardening audit script (https://github.com/ovh/debian-cis/tree/master | 6.1.13_find_suid_files.sh & 6.1.14_find_sgid_files.sh).
SUID
/usr/bin/fusermount3
/usr/bin/newgidmap
/usr/bin/newuidmap
/usr/bin/procmail
/usr/lib/dbus-1.0/dbus-daemon-launch-helper
/usr/libexec/proxmox-mail-forward
/usr/sbin/mount.cifs
/usr/sbin/mount.nfs
SGID
/usr/bin/lockfile
/usr/bin/procmail
Can you please help with more information about these binaries? Are internally used by Proxmox VE 9 and the SUID or GUID permissions are required.
I searched more info online but I could not find any official documentation about each one of them. Can you lead me to some documentation?
I do not know if it's safe to remove the SUID\SGID from these binaries or to mark them as been safe.
Thanks!