Expanding the list of "Hardened Packages"

Dhiru Kholia dhiru.kholia at gmail.com
Sat Apr 13 19:14:26 UTC 2013


On Sun, Apr 14, 2013 at 12:26 AM, Dhiru Kholia <dhiru.kholia at gmail.com> wrote:
> On Sat, Apr 13, 2013 at 11:16 PM, Steve Grubb <sgrubb at redhat.com> wrote:
>> On Saturday, April 13, 2013 12:19:42 PM Rahul Sundaram wrote:
>>> Is there a tracker bug?  Proven packagers can help
>>
>> I have a tracker bug for issues identified on the core set of packages that
>> would be part of a common criteria certification:
>>
>> I have not run the script that checks a distribution on F19 yet, so maybe
>> there are more?
>>
>
> I have analyzed all F19 packages and have already published a list of
> packages violating packaging guidelines.
>
> See http://dl.dropbox.com/u/1522424/probable-violations-F19.csv
>
> (I made some last minute changes which might be buggy. Feedback and
> corrections are welcome!)
>
> Also note that all this analysis stuff has been *automated*.
> Additionally, my code works for all RHEL and Fedora versions (and even
> deb based distributions).
>
> The analysis code doesn't install any packages on the system, is host
> OS agnostic and is quite fast (scales linearly).
>
> See https://github.com/kholia/checksec (currently only the interactive
> tools are described in the README, bulk analysis tools are hopefully
> intuitive enough).
>

My analysis code combines the original checksec (bash script),
rpm-chksec (Steve's script) and Grant's Go port into one Python code
base.

I am planning to extend it with more checks and ideas. Your tips are welcome!

-- 
Dhiru
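
The message above describes checking every binary in a package for the hardening flags the packaging guidelines require, without installing anything. The following is an added example, not code from the checksec project, rpm-chksec or the Go port: a stdlib-only ELF64 parser that reads the program headers and the dynamic section to report NX (PT_GNU_STACK), RELRO (PT_GNU_RELRO plus BIND_NOW), PIE (ET_DYN) and, as a deliberate heuristic, a stack canary (presence of the __stack_chk_fail symbol name). The make_elf() helper builds a synthetic, non-runnable ELF image so the checker can be exercised offline; it is constructed test input, not a real package.

```python
"""Minimal ELF64 hardening checker (standard library only).

Added example, not part of checksec. Parses ELF headers directly, so no
package is installed or executed; real input comes from files extracted
with rpm2cpio or dpkg-deb.
"""
import struct

# ELF constants from the ELF and Linux ABI specifications
ET_EXEC, ET_DYN = 2, 3
PT_DYNAMIC, PT_GNU_STACK, PT_GNU_RELRO = 2, 0x6474E551, 0x6474E552
PF_X = 1
DT_NULL, DT_BIND_NOW, DT_FLAGS, DT_FLAGS_1 = 0, 24, 30, 0x6FFFFFFB
DF_BIND_NOW, DF_1_NOW = 0x8, 0x1

EHDR = "<16sHHIQQQIHHHHHH"   # ELF64 file header, little-endian
PHDR = "<IIQQQQQQ"           # ELF64 program header (56 bytes)
DYN = "<qQ"                  # ELF64 dynamic entry (16 bytes)


def check_elf(data: bytes) -> dict:
    """Return {'nx', 'relro', 'pie', 'canary'} for a little-endian ELF64 image."""
    if data[:4] != b"\x7fELF" or data[4] != 2 or data[5] != 1:
        raise ValueError("not a little-endian ELF64 file")
    hdr = struct.unpack_from(EHDR, data, 0)
    e_type, e_phoff, e_phentsize, e_phnum = hdr[1], hdr[5], hdr[9], hdr[10]
    phdrs = [struct.unpack_from(PHDR, data, e_phoff + i * e_phentsize)
             for i in range(e_phnum)]

    # Walk the dynamic section for the BIND_NOW flags that turn partial RELRO into full.
    bind_now, dyn_flags, dyn_flags_1 = False, 0, 0
    for p in phdrs:
        if p[0] == PT_DYNAMIC:
            off, end = p[2], p[2] + p[5]
            while off + 16 <= end:
                tag, val = struct.unpack_from(DYN, data, off)
                off += 16
                if tag == DT_NULL:
                    break
                if tag == DT_BIND_NOW:
                    bind_now = True
                elif tag == DT_FLAGS:
                    dyn_flags = val
                elif tag == DT_FLAGS_1:
                    dyn_flags_1 = val

    # No PT_GNU_STACK at all means the kernel gives the process an executable stack.
    stack = next((p for p in phdrs if p[0] == PT_GNU_STACK), None)
    nx = stack is not None and not (stack[1] & PF_X)
    relro_seg = any(p[0] == PT_GNU_RELRO for p in phdrs)
    now = bind_now or bool(dyn_flags & DF_BIND_NOW) or bool(dyn_flags_1 & DF_1_NOW)
    relro = "full" if relro_seg and now else "partial" if relro_seg else "none"
    # ET_DYN covers both PIE executables and shared libraries; a fuller check
    # would also look at DF_1_PIE in DT_FLAGS_1 to tell them apart.
    pie = e_type == ET_DYN
    # Heuristic: a canary-instrumented binary imports __stack_chk_fail. A strict
    # implementation would read .dynsym instead of searching the raw bytes.
    canary = b"__stack_chk_fail" in data
    return {"nx": nx, "relro": relro, "pie": pie, "canary": canary}


def make_elf(pie=True, nx=True, relro="full", canary=True) -> bytes:
    """Build a synthetic ELF64 image (constructed test input, not loadable)."""
    dyn = struct.pack(DYN, DT_FLAGS, DF_BIND_NOW) if relro == "full" else b""
    dyn += struct.pack(DYN, DT_NULL, 0)
    strtab = b"\0__stack_chk_fail\0" if canary else b"\0"
    types = [PT_DYNAMIC, PT_GNU_STACK] + ([PT_GNU_RELRO] if relro != "none" else [])
    dyn_off = 64 + 56 * len(types)            # dynamic entries follow the phdrs
    phdrs = b""
    for t in types:
        if t == PT_GNU_STACK:
            phdrs += struct.pack(PHDR, t, 6 if nx else 7, 0, 0, 0, 0, 0, 16)
        else:                                  # PT_DYNAMIC and PT_GNU_RELRO
            phdrs += struct.pack(PHDR, t, 4, dyn_off, dyn_off, dyn_off,
                                 len(dyn), len(dyn), 8)
    ident = b"\x7fELF" + bytes([2, 1, 1, 0]) + b"\0" * 8
    ehdr = struct.pack(EHDR, ident, ET_DYN if pie else ET_EXEC, 62, 1, 0, 64, 0,
                       0, 64, 56, len(types), 64, 0, 0)
    return ehdr + phdrs + dyn + strtab


def scan(paths) -> dict:
    """Check each file in `paths`; non-ELF64 files are skipped silently."""
    results = {}
    for path in paths:
        with open(path, "rb") as f:
            data = f.read()
        try:
            results[path] = check_elf(data)
        except ValueError:
            continue
    return results


if __name__ == "__main__":
    import sys
    for path, r in scan(sys.argv[1:]).items():
        print(f"{path}: NX={r['nx']} RELRO={r['relro']} PIE={r['pie']} CANARY={r['canary']}")
```

To check a package without installing it, extract it into a scratch directory (for example `rpm2cpio foo.rpm | cpio -idm`, or `dpkg-deb -x foo.deb dir` on Debian-based systems) and pass the extracted files to the script; each file is parsed once and never executed, which is what keeps a bulk scan both safe and linear in the number of files.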

