User:Misc/Hardening checklist

From FedoraProject

(page creation)
 
Line 17: Line 17:
 
** check for compile flags properly added
 
** check for compile flags properly added
  
* check if daemon is run as root
+
* check if daemon is run as root with ps fax
  
* check if daemon drop caps
+
* check if daemon drop caps, with pscap
  
 
* security review ( http://people.redhat.com/sgrubb/security/ )
 
* security review ( http://people.redhat.com/sgrubb/security/ )
 
** tmp usage
 
** tmp usage
 +
  
 
* check if started by default if network facing
 
* check if started by default if network facing
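Review bot: the changed item "check if daemon is run as root with ps fax" names a command whose default columns are PID, TTY, STAT, TIME and COMMAND, with no user column, so its output does not show which account the daemon runs under. Suggest "ps faux", or saying which column to read. The "pscap" item could also name the package that provides the tool, and the lone "+" after "tmp usage" adds only an empty line, which looks unintended.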

Revision as of 14:27, 2 March 2013

List of checks for security hardening of a package

  • check whether a daemon has an SELinux policy or not
  • inspect rpmlint errors about insecure file usage, insecure API
    • check the initgroups/setuid/setgroup order
    • check for chdir before chroot
    • check for compile flags properly added
  • check if the daemon is run as root, with ps fax
  • check if the daemon drops caps, with pscap


  • check if started by default if network facing
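
The root and capability checks above can also be scripted from /proc/<pid>/status, which holds the effective UID and capability masks. This is an added example, not part of the wiki page; classify_status and audit_proc are names made up here, the sample process is constructed, and treating "effective set equals bounding set" as "nothing dropped" is an assumption of this sketch.

```shell
#!/bin/sh
# Added example: classify one process from a /proc/<pid>/status-format file.
# classify_status and audit_proc are hypothetical names for this sketch.

classify_status() {
    awk '
        $1 == "Name:"   { name = $2 }   # first word of the command name
        $1 == "Uid:"    { euid = $3 }   # fields: real, effective, saved, fs
        $1 == "CapEff:" { eff = $2 }    # effective capability mask (hex)
        $1 == "CapBnd:" { bnd = $2 }    # bounding set, the most it could hold
        END {
            if (name == "" || euid == "" || eff == "") exit 1
            nocaps = (eff ~ /^0+$/)
            # Assumption: effective == bounding means nothing was dropped.
            if (euid == 0 && !nocaps && (eff "") == (bnd ""))
                verdict = "root-full-caps"
            else if (euid == 0) verdict = "root-reduced-caps"
            else if (!nocaps)   verdict = "nonroot-with-caps"
            else                verdict = "unprivileged"
            printf "%s euid=%s capeff=%s %s\n", name, euid, eff, verdict
        }' "$1"
}

# Walk every live process; entries that exit mid-scan are skipped.
audit_proc() {
    for f in /proc/[0-9]*/status; do
        classify_status "$f" 2>/dev/null || true
    done
}

# Constructed sample: a daemon that kept uid 0 and its full capability set.
sample=$(mktemp) || exit 1
trap 'rm -f "$sample"' EXIT
printf 'Name:\texampled\nUid:\t0\t0\t0\t0\nCapEff:\t000001ffffffffff\nCapBnd:\t000001ffffffffff\n' > "$sample"
classify_status "$sample"
```

Calling audit_proc on the machine where the package is installed lists every process; lines ending in root-full-caps are the daemons to look at first.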