Hardened checking - how?

Dhiru Kholia dhiru.kholia at gmail.com
Fri Jun 7 13:16:35 UTC 2013

On Fri, Jun 7, 2013 at 2:06 AM, Troy Dawson <tdawson at redhat.com> wrote:
> Is there an official Fedora way for telling is something is hardened
> correctly?
> I'm working on hardening mongodb, and I think I have it right, but I'd
> really like to check.
> I was given a couple of scripts, which had dependencies not in Fedora, which
> then had dependencies not in Fedora, and so forth.  At the third level of
> dependencies, I figured there had to be a more official way.

Were you trying to use https://github.com/kholia/checksec ?

checksec is dependant on python-libarchive and pyelftools packages
which haven't been packaged for Fedora so far.

The following steps should suffice to get checksec working on Fedora systems,

$ sudo yum install libarchive-devel python-virtualenv
$ virtualenv --system-site-packages ~/venv
$ source ~/venv/bin/activate
(venv) $ pip install python-libarchive pyelftools
(venv) $ cd ~/checksec # the git clone
(venv) $ ./checksec.py /usr/bin/mongod

You can also run scanner.py on the MongoDB rpm directly (without installing it).


Can we please get python-libarchive and pyelftools packaged for Fedora?


More information about the devel mailing list