Misc/Hardening checklist

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

List of check for security hardening of a package

check %global hardened build ( https://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags )

inspect service file ( http://0pointer.de/blog/projects/security.html )
- PrivateTmp
- PrivateNetwork
- block syscall
- block device
- block path ( like /home )

check if a daemon do not have a selinux policy or not

inspect rpmlint error about insecure file usage, insecure API
- check of initgroups/setuid/setgroup order
- check for chdir before chroot
- check for compile flags properly added

check if daemon is run as root

check if daemon drop caps

security review ( http://people.redhat.com/sgrubb/security/ )
- tmp usage

check if started by default if network facing

Search

User:Misc/Hardening checklist