On Wed, 2011-08-03 at 23:09 -0400, Steve Grubb wrote:
> On Wednesday, August 03, 2011 03:29:00 PM Adam Williamson wrote:
> > > I just wanted to let everyone know that I've made a number of tests
> > > available for assessing security of the distribution. It is by no means
> > > a comprehensive auditing tool, but the scripts definitely find problems.
> > >
> > > http://people.redhat.com/sgrubb/security/
> > >
> > > On this list, the rpm-chksec program is the one that I am most interested
> > > in people using right now. For Fedora 16, we have updated the policy to
> > > recommend all packages be compiled with partial RELRO and important
> > > programs have full RELRO enabled. This script can check individual rpms
> > > or the whole distribution at once for compliance.
> > >
> > > I have text explaining what each test does. If anyone finds problems with
> > > a script, please let me know. I will be adding more scripts as I find
> > > problems that need widespread attention.
> > >
> > > Hope this helps find and fix problems...
> >
> > Looks like interesting stuff. Would any of these be appropriate to be
> > integrated into AutoQA so they could be run regularly?
>
> Honestly, I don't know. On the one hand, I have some scripts that are good for fedora
> QE in general. For example, the shell error test...why would anyone purposely write
> shell script that does not work? This can always be fixed before a release. Some tests
> are still under development like the ELF binary well known tmp file test. This can make
> some false positives, but there are enough good things in it to start asking real
> questions about packages...like.../home/cagney/tmp/a.out...why is that in any program?
> But the chroot tests are solid. As are the exec stack tests. So, yes there are things
> that can be automated so problems are not shipped.

Awesome. CCing autoqa-devel on the reply, then; is anyone from AutoQA
willing to work with Steve to take a look at his tests and identify good
candidates for bringing into AutoQA?

Thanks!
--
Adam Williamson
Fedora QA Community Monkey
IRC: adamw | Twitter: AdamW_Fedora | identi.ca: adamwfedora
http://www.happyassassin.net