Why is Nmap Installed by Default in Proxmox?

[thiagomespb]

Guys, while discussing with some colleagues in a Proxmox group, we noticed that an Extended Detection and Response (XDR) security tool detected nmap installed on the system. Upon further investigation, I found that this package has been included by default since at least version 6.

Does anyone know the reason why nmap is pre-installed in Proxmox? Is it used for any specific internal functionality, or is it just a leftover dependency?

 

[BobhWasatch]

I don't have nmap on my PVE 8.3.3. I don't think it is a dependency of any PVE components. You can use "apt rdepends" to find out what might be depending on it.

 

[_gabriel]

nmap is indeed installed by default with the vanilla iso.
but after what is the security problem ?!

 

[BobhWasatch]

Interesting. I installed mine via Debian so maybe there is some difference after all. Seems pretty clear that it isn't needed for anything though and it is safe to remove it.

 

[alexskysilk]

nmap is a very useful tool, and it makes sense to include it as default for pve or debian.

nmap COULD be used to leak data; if you have that level of sensitivity/policy adherence requirement, you can just remove it; Alternatively, remove the executable flag from it and then mark immutable; this will make sure no one can run it and not fault any dependent packages.

 

[BobhWasatch]

If he removes it he will find out what if anything depends on it. Apt will tell him

 

[_gabriel]

nmap COULD be used to leak data

IMO, if data COULD be leaked , nmap COULD be grabbed and runned.

 

[alexskysilk]

IMO, if data COULD be leaked , nmap COULD be grabbed and runned.

a paid or scissors can be used to kill. it doesnt mean you get rid of all your scissors.

yes, nmap can be run to leak data, but that doesnt mean that the LEAKED DATA is of any harm or consequence to you. This falls into the more "theoretical" category; to my knowledge neither anything I run nor any of my customers ever had a concern for this.