On 06/06/2013 03:36 PM, Troy Dawson wrote:
> Hi,
> Is there an official Fedora way for telling if something is hardened
> correctly?
> I'm working on hardening mongodb, and I think I have it right, but I'd
> really like to check.
> I was given a couple of scripts, which had dependencies not in Fedora,
> which then had dependencies not in Fedora, and so forth. At the third
> level of dependencies, I figured there had to be a more official way.
> If I missed a Fedora web page on it, or it was in the recent hardening
> discussion, feel free to point me to it.
> Thanks
> Troy Dawson
Hi,
Thanks for all the suggestions and help. Since there were a couple of
threads that came off of this, I'm going to give a summary here.
Programs:
http://people.redhat.com/sgrubb/files/rpm-chksec
(what I ended up using)
http://packages.debian.org/sid/hardening-includes
(packaged into rpm, see below)
https://nohats.ca/checksec.sh
(works)
https://github.com/kholia/checksec
(had Fedora dependency problems that are being worked on)
rpm:
hardening-check -
http://koji.fedoraproject.org/koji/packageinfo?packageID=16362
Articles:
http://lwn.net/Articles/454532/
Summary:
I ended up using rpm-chksec because it did everything I needed and all
its requirements were already installed on my machine.
Why I chose that?
While the other would check files, rpm-chksec took an rpm as an argument
and then checked all the binaries in it, giving a nice output.
Again, thanks to everyone who replied. I am glad I checked it. The
mongodb scons stuff wasn't accepting arguments as I originally thought,
and I found out that I hadn't really hardened mongodb.
I'm still working on it. My next patch hardens it, but fails on a few
platforms in ways I'm totally not expecting. So, the work goes on, but
having a check helps.
Thanks
Troy
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel