Hardened checking - how?
bjoern.esser at gmail.com
Wed Jun 12 08:04:26 UTC 2013
Am Montag, den 10.06.2013, 09:32 -0500 schrieb Troy Dawson:
> On 06/06/2013 03:36 PM, Troy Dawson wrote:
> > Hi,
> > Is there an official Fedora way for telling is something is hardened
> > correctly?
> > I'm working on hardening mongodb, and I think I have it right, but I'd
> > really like to check.
> > I was given a couple of scripts, which had dependencies not in Fedora,
> > which then had dependencies not in Fedora, and so forth. At the third
> > level of dependencies, I figured there had to be a more official way.
> > If I missed a Fedora web page on it, or it was in the recent hardening
> > discussion, feel free to point me to it.
> > Thanks
> > Troy Dawson
> Thanks for all the suggestions and help. Since there were a couple of
> threads that came off of this, I'm going to give a summary here.
> (what I ended up using)
> (packaged into rpm, see below)
> (had fedora dependency problems that are being worked on)
> hardening-check -
> I ended up using rpm-chksec because it did everything I needed and all
> it's requirements were already installed on my machine.
> Why I chose that?
> While the other would check files, rpm-chksec took an rpm as an argument
> and then checked all the binaries in it, giving a nice output.
> Again, thanks to everyone who replied. I am glad I checked it. The
> mongodb scons stuff wasn't accepting arguments as I originally thought,
> and I found out that I hadn't really hardened mongodb.
> I'm still working on it. My next patch hardens it, but fails on a few
> platforms in ways I'm totally not expecting. So, the work goes on, but
> having a check helps.
checksec is available as rpm now, too:
If you want to give some karma:
karma for hardening-check:
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 230 bytes
Desc: This is a digitally signed message part
More information about the devel