The wget/lynx binary is basically used to fetch the content from the remote/external urls and its used to hack the server therefore its better to disable the wget and lynx binary server wide and enable it for specific users, if its required by the script hosted by specific users only else leave it disable to secure the server.

First check the wget and lynx binary path by using the command.

[email protected][~]# which wget lynx
/usr/bin/wget
/usr/bin/lynx



The above command provides the wget and binary binary path respectively.

/usr/bin/wget
/usr/bin/lynx

Now add the new group which is actually used to enable wget and lynx binary for the specific users only.

groupadd wget lynx

Now change the group for the wget and lynx binary.

chgrp wget /usr/bin/wget
chgrp lynx /usr/bin/lynx


Disable the wget and lynx binary.

chmod 710 /usr/bin/wget
chmod 710 /usr/bin/lynx


To assign the wget and lynx binary to the specific user refer to the following command.

usermod (options) user-name

For example, we want to enable the wget binary to the test123 user and lynx binary to support123 user than use the following commands.

usermod -G wget test123
usermod -G lynx support123


Similarly we can disable the other server side binaries which you want to secure from the hackers.