Am Montag, den 10.06.2013, 09:32 -0500 schrieb Troy Dawson: > On 06/06/2013 03:36 PM, Troy Dawson wrote: > > Hi, > > Is there an official Fedora way for telling is something is hardened > > correctly? > > I'm working on hardening mongodb, and I think I have it right, but I'd > > really like to check. > > > > I was given a couple of scripts, which had dependencies not in Fedora, > > which then had dependencies not in Fedora, and so forth. At the third > > level of dependencies, I figured there had to be a more official way. > > > > If I missed a Fedora web page on it, or it was in the recent hardening > > discussion, feel free to point me to it. > > > > Thanks > > Troy Dawson > > Hi, > Thanks for all the suggestions and help. Since there were a couple of > threads that came off of this, I'm going to give a summary here. > > Programs: > http://people.redhat.com/sgrubb/files/rpm-chksec > (what I ended up using) > http://packages.debian.org/sid/hardening-includes > (packaged into rpm, see below) > https://nohats.ca/checksec.sh > (works) > https://github.com/kholia/checksec > (had fedora dependency problems that are being worked on) > > rpm: > hardening-check - > http://koji.fedoraproject.org/koji/packageinfo?packageID=16362 > > Articles: > http://lwn.net/Articles/454532/ > > Summary: > I ended up using rpm-chksec because it did everything I needed and all > it's requirements were already installed on my machine. > Why I chose that? > While the other would check files, rpm-chksec took an rpm as an argument > and then checked all the binaries in it, giving a nice output. > > Again, thanks to everyone who replied. I am glad I checked it. The > mongodb scons stuff wasn't accepting arguments as I originally thought, > and I found out that I hadn't really hardened mongodb. > I'm still working on it. My next patch hardens it, but fails on a few > platforms in ways I'm totally not expecting. So, the work goes on, but > having a check helps. > > Thanks > Troy checksec is available as rpm now, too: https://koji.fedoraproject.org/koji/packageinfo?packageID=16388 If you want to give some karma: https://admin.fedoraproject.org/updates/checksec-1.5-1.fc19 https://admin.fedoraproject.org/updates/checksec-1.5-1.el6 https://admin.fedoraproject.org/updates/checksec-1.5-1.el5 karma for hardening-check: https://admin.fedoraproject.org/updates/FEDORA-EPEL-2013-10405/hardening-check-2.3-2.el6 Cheers, Björn
Attachment:
signature.asc
Description: This is a digitally signed message part
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
