Expanding the list of "Hardened Packages"
Dhiru Kholia
dhiru.kholia at gmail.com
Mon Apr 1 09:35:48 UTC 2013
On 04/01/13 at 10:23am, Michael Scherer wrote:
> Le lundi 01 avril 2013 à 12:29 +0530, Dhiru Kholia a écrit :
> > What would be a good way to solve this problem in your opinion?
> > (File bugs / Explicitly list such packages / Turn on hardening by default)
>
> I would file bugs, and list those that were checked on a wiki page,
> along a link to the bug and a date, and revisit the reason on a regular
> basis.
I have started doing this.
See https://bugzilla.redhat.com/show_bug.cgi?id=947022 for an example.
> > It would be great to have some sort of automated method to find if
> > hardening criteria applies to a particular package. Ideas are welcome!
>
> You can take a look on http://people.redhat.com/sgrubb/security/ , there
> is a script rpm-chksec to verify that.
Thanks! I found some neat ideas in rpm-chksec script.
I will incorporate them into https://github.com/kholia/checksec
--
Dhiru
More information about the devel
mailing list