Misc/Hardening checklist

The printable version is no longer supported and may have rendering errors. Please update your browser bookmarks and please use the default browser print function instead.

List of check for security hardening of a package

check %global hardened build ( https://fedoraproject.org/wiki/Packaging:Guidelines#Compiler_flags )

inspect service file ( http://0pointer.de/blog/projects/security.html )
- PrivateTmp
- PrivateNetwork
- block syscall
- block device
- block path ( like /home ) ( ReadOnlyDirectories= )
- block the number of process to run ( LimitNPROC=1 )

check if a daemon do not have a selinux policy or not

inspect rpmlint error about insecure file usage, insecure API
- check of initgroups/setuid/setgroup order
- check for chdir before chroot
- check for compile flags properly added

check if daemon is run as root with ps fax

check if daemon drop caps, with pscap

security review ( http://people.redhat.com/sgrubb/security/ )
- tmp usage

check if started by default if network facing

check if package is up to date

check file permission, especially log

Search

User:Misc/Hardening checklist