Hardened checking - how?
tdawson at redhat.com
Mon Jun 10 14:32:22 UTC 2013
On 06/06/2013 03:36 PM, Troy Dawson wrote:
> Is there an official Fedora way for telling if something is hardened?
> I'm working on hardening mongodb, and I think I have it right, but I'd
> really like to check.
> I was given a couple of scripts, which had dependencies not in Fedora,
> which then had dependencies not in Fedora, and so forth. At the third
> level of dependencies, I figured there had to be a more official way.
> If I missed a Fedora web page on it, or it was in the recent hardening
> discussion, feel free to point me to it.
> Troy Dawson
Thanks for all the suggestions and help. Since there were a couple of
threads that came off of this, I'm going to give a summary here.
(what I ended up using)
(packaged into rpm, see below)
(had fedora dependency problems that are being worked on)
I ended up using rpm-chksec because it did everything I needed and all
its requirements were already installed on my machine.
Why I chose that?
While the other would check files, rpm-chksec took an rpm as an argument
and then checked all the binaries in it, giving a nice output.
Again, thanks to everyone who replied. I am glad I checked it. The
mongodb scons stuff wasn't accepting arguments as I originally thought,
and I found out that I hadn't really hardened mongodb.
I'm still working on it. My next patch hardens it, but fails on a few
platforms in ways I'm totally not expecting. So, the work goes on, but
having a check helps.