Links/new content that may be useful to Fedora

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi, I am a PhD student at Deakin University. I am also a recent member to the Debian testing security team. As part of my research I have been looking at Linux security.
 
Debian maintain a security tracker http://security-tracker.debian.org/tracker/ . I think RHEL maintains security tracking but I do not know the details. Fedora as far as I know do not publicly and actively maintain security tracking once an advisory is released.
 
A simple report I generated last year was tracking of packages and the CVEs that they reference in an advisory. I did that by scraping the public mailing list archive of advisories/updates and grepping for CVE references. I have made a report from last year publicly available https://github.com/silviocesare/Privileged-Programs/blob/master/SecurityAdvisories/Fedora/SecurityAdvisories.txt . This might be useful on the Fedora wiki.
 
A report I made of Debian's SUID/SGID programs from all packages in the repository is here https://github.com/silviocesare/Privileged-Programs/tree/master/Debian5.05 . I suspect Fedora already has such a list in line with the Fedora 15 target of removing SUID/SGID programs from the distribution.
 
Another report I made which may or may not be useful to the security team is a list of packages between Debian and Fedora that are roughly equivalent, irrespective of what the package names are https://github.com/silviocesare/Equivalent-Packages/blob/master/NearestNeighbour/Debian5_Fedora13_Matches . There are some false positives and false negatives due to the fact that the list is automatically generated. This equivalent packages list might be useful on the Fedora wiki even if it's not a fit in the security section. I will do another report for Fedora 14 against more Linux distributions if there is interest.
 
These links are just small things I've been working on, but I hope someone in the Fedora project may find them useful. I should also note that this work is all rather preliminary for now.
 
Please CC me on responses and if there is a more active or appropriate forum to raise these types of discussions then please advise.
 
--
Silvio Cesare
Deakin University
--
security mailing list
security@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/security

[Index of Archives]     [Fedora Users]     [Fedora Desktop]     [Fedora SELinux]     [Big List of Linux Books]     [Yosemite News]     [KDE Users]     [Coolkey]

  Powered by Linux