5.17. Conceal binary RPM

Once you have installed all the software that you need on yo42ur Linux server with the RPM command, it's a good idea for better security to move it to a safe place like a floppy disk or other safe place of your choice. With this method if some one accesses your server and has the intention to install software like trojan horses, password thieves etc. with RPM command, he shouldn't be able to do so. Of course, if in the future you want to install or upgrade new software via RPM, all you have to do is to replace the RPM binary to its original directory again. To move the RPM binary on the floppy disk, use the command:


             [root@deep] /# mount /dev/fd0 /mnt/floppy/
             [root@deep] /# mv /bin/rpm /mnt/floppy/
             [root@deep] /# umount /mnt/floppy
             

Never uninstall the RPM program completely from your system or you will be unable to reinstall it again later, since to install RPM or other software you need to have RPM commands available. Another thing you can do is change the default permission of the rpm command from 755 to 700. With this modification, non-root users can't use the rpm program to query, install etc; in case you forget to move it to a safe place after installation of new programs. To change the default permission of /bin/rpm, use the command:


             [root@deep] /# chmod 700  /bin/rpm