Hardened checking - how?

Dhiru Kholia dhiru.kholia at gmail.com
Fri Jun 7 13:16:35 UTC 2013


On Fri, Jun 7, 2013 at 2:06 AM, Troy Dawson <tdawson at redhat.com> wrote:
> Is there an official Fedora way for telling if something is hardened
> correctly?
> I'm working on hardening mongodb, and I think I have it right, but I'd
> really like to check.
>
> I was given a couple of scripts, which had dependencies not in Fedora, which
> then had dependencies not in Fedora, and so forth.  At the third level of
> dependencies, I figured there had to be a more official way.

Were you trying to use https://github.com/kholia/checksec ?

checksec is dependent on python-libarchive and pyelftools packages
which haven't been packaged for Fedora so far.

The following steps should suffice to get checksec working on Fedora systems:

$ sudo yum install libarchive-devel python-virtualenv
$ virtualenv --system-site-packages ~/venv
$ source ~/venv/bin/activate
(venv) $ pip install python-libarchive pyelftools
(venv) $ cd ~/checksec # the git clone
(venv) $ ./checksec.py /usr/bin/mongod

You can also run scanner.py on the MongoDB rpm directly (without installing it).

...

Can we please get python-libarchive and pyelftools packaged for Fedora?

-- 
Dhiru
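
Added example, not part of the original message and not checksec's own code: a dependency-free sketch of what an ELF hardening check reads, using only the Python standard library. The choice of properties (PIE, non-executable stack, RELRO), the function names hardening_flags and make_elf, and the header-only sample images are assumptions made for this illustration; only 64-bit little-endian ELF is handled.

```python
import struct

# ELF constants from the System V ABI / GNU extensions.
ET_DYN = 3
PT_GNU_STACK = 0x6474E551
PT_GNU_RELRO = 0x6474E552
PF_X = 0x1
EHDR = struct.Struct("<16sHHIQQQIHHHHHH")   # ELF64 file header, 64 bytes
PHDR = struct.Struct("<IIQQQQQQ")           # ELF64 program header, 56 bytes


def hardening_flags(data):
    """Return PIE / NX-stack / RELRO status for a 64-bit little-endian ELF image."""
    if len(data) < EHDR.size or data[:4] != b"\x7fELF":
        raise ValueError("not an ELF file")
    if data[4] != 2 or data[5] != 1:
        raise ValueError("only ELFCLASS64 little-endian is handled here")
    fields = EHDR.unpack_from(data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = fields[1], fields[5], fields[9], fields[10]
    if e_phentsize != PHDR.size or e_phoff + e_phnum * e_phentsize > len(data):
        raise ValueError("truncated or malformed program header table")
    segments = {}
    for i in range(e_phnum):
        p_type, p_flags = PHDR.unpack_from(data, e_phoff + i * e_phentsize)[:2]
        segments[p_type] = p_flags
    return {
        # ET_DYN is also the type of shared libraries, so this is "position independent".
        "pie": e_type == ET_DYN,
        # Assumption: no PT_GNU_STACK entry is treated as an executable stack (conservative).
        "nx_stack": PT_GNU_STACK in segments and not segments[PT_GNU_STACK] & PF_X,
        # Presence only; full RELRO additionally needs BIND_NOW in the dynamic section.
        "relro": PT_GNU_RELRO in segments,
    }


def make_elf(e_type, phdrs):
    """Build a constructed, header-only ELF64 image for the demo (not a real binary)."""
    ident = b"\x7fELF\x02\x01\x01" + b"\x00" * 9
    ehdr = EHDR.pack(ident, e_type, 62, 1, 0, EHDR.size, 0, 0,
                     EHDR.size, PHDR.size, len(phdrs), 0, 0, 0)
    return ehdr + b"".join(PHDR.pack(t, f, 0, 0, 0, 0, 0, 0) for t, f in phdrs)


if __name__ == "__main__":
    hardened = make_elf(ET_DYN, [(PT_GNU_STACK, 6), (PT_GNU_RELRO, 4)])
    legacy = make_elf(2, [(PT_GNU_STACK, 7)])
    print(hardening_flags(hardened))
    print(hardening_flags(legacy))
```

To check an installed binary, pass its bytes in, for example `hardening_flags(open("/usr/bin/mongod", "rb").read())`.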

