Secure wget binary

The wget binary is used to hack the server therefore its always better to disable the wget binary server wide and enable it for specific users, if its required by the script hosted by specific users only else leave it disable.

First check the wget binary path by using the command.

which wget

The above command will provide wget binary path.

/usr/bin/wget

Now add the new group which is actually used to enable wget binary for specific users only.

groupadd wget

Now change the group for the wget binary.

chgrp wget /usr/bin/wget

Disable the wget binary.

chmod 710 /usr/bin/wget

To assign the wget binary to specific user refer to the following command.

usermod (options) username

For example, we want to enable the wget binary to the test123 user then run the following command.

usermod -G wget test123

Similarly you can disable the other binaries as well …



About Anant 384 Articles
Senior technical writer