Tool To Check Hardening Options

Gilles Espinasse g.esp at free.fr
Tue Mar 8 22:39:30 PST 2011


----- Original Message ----- 
From: "Mr. T" <mr-t at jabcross.co.uk>
To: "Hardened LFS Development List" <hlfs-dev at linuxfromscratch.org>
Sent: Wednesday, March 09, 2011 3:58 AM
Subject: Tool To Check Hardening Options


> Hi,
>
> I came across a tool called checksec.sh, available at
> http://www.trapkit.de/tools/checksec.html whilst browsing this evening.
>
> Looking through the changes and examples there it seems this would be a
> good tool to check/verify hardening options that we use in HLFS.  There
> are examples for all of the hardening options we use.
>
> Would this be useful in the HLFS build stages or at the end of the build
> to verify that stuff has worked correctly ?
>
> Steve.
> -- 
I have mostly that check on ipcop build system (not yet everything like in
checksec.sh).
This is mostly based on gentoo pax-utils package
http://www.gentoo.org/proj/en/hardened/pax-utils.xml
pax-utils scanelf is very easy to use on an entire tree with -R (recursive)
or --from <list-of-files>

Gilles




More information about the hlfs-dev mailing list