Author: jmm
Date: 2011-09-13 19:54:24 +0000 (Tue, 13 Sep 2011)
New Revision: 17231

Added:
   hardening/
   hardening/subgoal-dsa.txt
   hardening/subgoal-important.txt
Log:
use the secure-testing repo for initial tracking/coordinating of sec hardening work. Will possibly be moved elsewhere once more appropriate infrastructure has been found.

Added: hardening/subgoal-dsa.txt ==================================================================--- hardening/subgoal-dsa.txt (rev 0) +++ hardening/subgoal-dsa.txt 2011-09-13 19:54:24 UTC (rev 17231) 
@@ -0,0 +1,589 @@ +Hardening subgoal for Wheezy: +All packages, which had a DSA since 2006. + + +This needs to cleaned up +further: +- Software written in PHP etc. need to be removed +- Some packages have been removed/superceded by newer srcpkg (I did + some cursory cleanup, but needs more work) + +To check: + +abc2ps +abcmidi +acpid +advi +adzapper +afuse +aircrack-ng +ajaxterm +albatross +alsaplayer +amarok +amule +antiword +apache +apache2 +apr +apr-util +apt +apt-listchanges +aria2 +asterisk +audiofile +auth2db +avahi +awstats +b2evolution +backup-manager +barnowl +belpic +bind +bind9 +blender +bluez-hcidump +bmv +bochs +boinc +bomberclone +bsdgames +bugzilla +bzip2 +cabextract +ca-certificates +cacti +camlimages +capi4hylafax +centericq +cfs +cgiirc +changetrack +cheesetracker +chmlib +chromium-browser +chrony +citadel +clamav +collectd +couchdb +courier +courier-authlib +cpio +crawl +crossfire +cscope +ctorrent +cups +cupsys +curl +cvsnt +cyrus-imapd +cyrus-imapd-2.2 +cyrus-sasl2 +dbus +debian-goodies +devil +devscripts +dhcp +dhcp3 +dia +djbdns +dkim-milter +dnsmasq +doctrine +dokuwiki +dovecot +dpkg +drbd8 +drupal6 +dspam +dtc +dvipng +e2fsprogs +eggdrop +ejabberd +ekg +elinks +elog +emacs21 +enemies-of-carlotta +enscript +etch +ethereal +evince +evolution +evolution-data-server +exiftags +exim4 +exiv2 +expat +fail2ban +fbi +fcheck +fetchmail +fex +file +firebird +firebird2 +fireflier +firefox-sage +flac +flamethrower +flex +flexbackup +flyspray +fontforge +freeciv +freeradius +freetype +fuse +gaim +gallery +gallery2 +ganeti +ganglia-monitor-core +gcc-3.4 +gdm +gdm3 +gfax +gforge +gforge-plugin-scmcvs +ghostscript +gimp +git-core +gitolite +glib2.0 +glibc +gmime2.2 +gnatsweb +gnocatan +gnomemeeting +gnome-peercast +gnumeric +gnupg +gnupg2 +gnutls11 +gnutls13 +gpdf +graphicsmagick +gsambad +gs-esp +gst-plugins-bad0.10 +gst-plugins-good0.10 +gtetrinet +gtk+2.0 +gv +gzip +hashcash +heartbeat +heimdal +hf +hiki +horde2 +horde3 +hostapd +hplip +htdig +httrack 
+hybserv +hylafax +iceape +icedove +iceweasel +icu +id3lib3.8.3 +ikiwiki +ilohamail +imagemagick +imlib2 +imp4 +ingo1 +inotify-tools +ipplan +ipsec-tools +ircd-hybrid +isakmpd +isc-dhcp +iscsitarget +jabberd14 +jailer +jasper +jffnms +kaffeine +kazehakase +kde4libs +kdebase +kdegraphics +kdelibs +koffice +kolab-cyrus-imapd +kphone +krb5 +krb5-appl +kronolith +kronolith2 +ktorrent +kvirc +kvm +l2tpns +lasso +lcms +ldap-account-manager +ldapscripts +ldns +lftp +libapache2-mod-authnz-external +libapache2-mod-auth-pgsql +libapache2-mod-fcgid +libapache-auth-ldap +libapache-mod-auth-kerb +libapache-mod-jk +libapreq2-perl +libarchive +libav +libast +libcairo +libcdaudio +libcgroup +libcrypt-cbc-perl +libdbd-pg-perl +libdumb +libexif +libextractor +libfishsound +libgd2 +libgsf +libgtop2 +libhtml-parser-perl +libimager-perl +libmail-audit-perl +libmikmod +libmodplug +libmojolicious-perl +libmusicbrainz-2.0 +libnet-dns-perl +libnet-server-perl +libnss-ldap +libopenssl-ruby +libpam-heimdal +libpam-krb5 +libpam-ldap +libphp-adodb +libphp-phpmailer +libpng +librpcsecgss +libsmi +libsndfile +libsoup +libspf2 +libtasn1-2 +libthai +libtheora +libtk-img +libtool +libtorrent-rasterbar +libtunepimp +libvirt +libvorbis +libwmf +libwpd +libxerces2-java +libxfont +libxml +libxml2 +libxslt +lighttpd +link-grammar +links +links2 +linux-ftpd +logwatch +lookup-el +loop-aes-utils +lsh-server +ltsp +lurker +lvm2 +lxr-cvs +lynx-cur +mahara +maildrop +mailman +man-db +mantis +mapserver +maradns +mediawiki +memcached +metamail +migrationtools +mimetex +mldonkey +mlmmj +moin +mon +mono +moodle +motor +movabletype-opensource +mpg123 +mplayer +mt-daapd +mtr +multipath-tools +mutt +mydms +mydns +mysql-dfsg-5.0 +mysql-ocaml +nagios3 +icinga +nagios-plugins +nas +nbd +ncompress +ndiswrapper +netatalk +netpbm-free +netrik +net-snmp +network-manager +newsx +newt +nfs-user-server +nginx +no-ip +noweb +nsd +nspr +nss +nss-ldapd +ntp +ocsinventory-agent +openafs +openexr +open-iscsi +openjdk-6 +openldap 
+libreoffice +opensaml +opensaml2 +opensc +openssh +openssl +openswan +openvpn +opie +oprofile +osiris +otrs +otrs2 +pam-pgsql +pango1.0 +pcre3 +pcsc-lite +pdfkit.framework +pdftohtml +pdns +pdns-recursor +peercast +perdition +perl +petris +php4 +php5 +phpbb2 +phpgedview +php-json-ext +phpldapadmin +php-mail +phpmyadmin +php-net-ping +phppgadmin +phpwiki +php-xajax +phpymadmin +pidgin +pimd +pinball +pmount +policyd-weight +polipo +popfile +poppler +postfix +postfix-policyd +postgresql +postgresql-8.3 +postgresql-ocaml +postgrey +pound +ppp +pptpd +proftpd-dfsg +psi +pstotext +pulseaudio +pygresql +python +python2.5 +python-cherrypy +python-cjson +python-crypto +python-django +python-dns +pywebdav +qemu +qemu-kvm +qt4-x11 +qt-x11-free +quagga +rails +rdesktop +redmine +refpolicy +reprepro +request-tracker3.4 +request-tracker3.6 +request-tracker3.8 +resmgr +roundup +rssh +rsync +ruby1.8 +ruby1.9 +ruby-gnome2 +samba +sash +scponly +screen +sdl-image1.2 +sendmail +serendipity +shadow +silc-client +sitebar +slash +slurm-llnl +smarty +smbind +smstools +snmptrapfmt +socat +sork-passwd-h3 +spamassassin +spamass-milter +speex +spip +splitvt +sql-ledger +squid +squid3 +squidguard +squirrelmail +storebackup +streamripper +strongswan +subversion +sudo +suphp +sword +sympa +syslog-ng +systemtap +t1lib +tar +tcpdump +tcpreen +tdiary +telepathy-gabble +tetex-bin +tex-common +texinfo +tgt +thttpd +tiff +tinymux +tinyproxy +tk8.3 +tk8.4 +tmux +tor +trac +trac-git +transmission +tunapie +turba2 +tutos +tuxpaint +twiki +typespeed +typo3-src +udev +unalz +unbound +unicon +unzip +upcoming +usermin +util-linux +uw-imap +vim +vino +vlc +vnc4 +webcalendar +webcit +webkit +webmin +websvn +weechat +wesnoth +wget +wine +wireshark +wml +wordnet +wordpress +wv2 +wxwidgets2.6 +wzdftpd +x11-xserver-utils +xapian-omega +xen-3.0 +xfce4-terminal +xfree86 +xfs +xine +xine-lib +xmcd +xmlsec1 +xml-security-c +xmltooling +xmms +xorg-server +xpdf +xpvm +xterm +xulrunner +xwine +xzgv +yarssr +yaws 
+zabbix +zaptel +zgv +znc +zodb +zonecheck +zoo +zope2.10 +zope2.7 +zope-cmfplone +zope-ldapuserfolder +zoph + +Resolved/fixed: + + Added: hardening/subgoal-important.txt ==================================================================--- hardening/subgoal-important.txt (rev 0) +++ hardening/subgoal-important.txt 2011-09-13 19:54:24 UTC (rev 17231) 
@@ -0,0 +1,135 @@ +Hardening subgoal for Wheezy: +All packages of priority required or important. Generated with + +aptitude search ''~prequired'' | sed ''s/\ A//'' ''{print$2}'' +aptitude search ''~pimportant'' | sed ''s/\ A//'' ''{print$2} + +This needs to cleaned up further: +- Some all packages need to be removed (e.g. locales etc) + +To check: + +base-files +base-passwd +bash +bsdutils +coreutils +dash +debconf +debconf-i18n +debianutils +diffutils +dpkg +e2fslibs +e2fsprogs +findutils +gcc-4.4-base +gcc-4.5-base +gcc-4.6-base +grep +gzip +hostname +initscripts +libacl1 +libattr1 +libblkid1 +libc-bin +libc6 +libcomerr2 +libgcc1 +liblocale-gettext-perl +liblzma2 +libmount1 +libncurses5 +libpam-modules +libpam-modules-bin +libpam-runtime +libpam0g +libselinux1 +libsepol1 +libss2 +libstdc++6 +libtext-charwidth-perl +libtext-iconv-perl +libtext-wrapi18n-perl +libuuid1 +login +lsb-base +mawk +mount +ncurses-base +ncurses-bin +passwd +perl-base +sed +sensible-utils +sysv-rc +sysvinit +sysvinit-utils +tar +tzdata +util-linux +xz-utils +zlib1g +adduser +apt +apt-utils +aptitude +bsdmainutils +cpio +cron +debian-archive-keyring +dmidecode +gnupg +gpgv +groff-base +ifupdown +info +install-info +iproute +iptables +iputils-ping +isc-dhcp-client +isc-dhcp-common +libboost-iostreams1.42.0 +libboost-iostreams1.46.1 +libbz2-1.0 +libcwidget3 +libept1 +libgdbm3 +libncursesw5 +libnewt0.52 +libpipeline1 +libpopt0 +libreadline6 +libsigc++-2.0-0c2a +libslang2 +libssl0.9.8 +libssl1.0.0 +libudev0 +libusb-0.1-4 +libxapian22 +logrotate +man-db +manpages +module-init-tools +nano +net-tools +netbase +netcat-traditional +procps +readline-common +rsyslog +tasksel +tasksel-data +traceroute +udev +vim-common +vim-tiny +wget +whiptail + + +Resolved/fixed: + +
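Review bot: In hardening/subgoal-dsa.txt, the "To check:" list contains entries that do not look like source package names and should be dropped or corrected before anyone works through it: "etch" is a release codename, "upcoming" and "pdfkit.framework" look like parsing leftovers, and "phpymadmin" reads as a misspelling of the "phpmyadmin" entry already in the list. "icinga" (between nagios3 and nagios-plugins) and "libreoffice" (between openldap and opensaml) also sit out of sort order, which makes duplicates harder to spot. Unlike subgoal-important.txt, this file does not say how the list was produced, so it cannot be regenerated or checked against the DSA data; a one-line note on the source and the command used would help. Small wording fixes in the header: "needs to cleaned up" is missing "be", and "superceded" should be "superseded".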
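Review bot: In hardening/subgoal-important.txt, the two "Generated with" pipelines cannot be run as written, so the list is not reproducible: "{print$2}" is an awk action but is handed to sed with no "| awk" stage, the quotes are doubled, and the second line is missing its closing quote. Either restore the awk stage or let aptitude print only the name, for example aptitude search -F '%p' '~prequired' and the same for '~pimportant'. The list itself holds binary package names (libc6 and libc-bin, libssl0.9.8 and libssl1.0.0, three gcc-*-base versions), while subgoal-dsa.txt tracks source packages; mapping these to source packages would remove the duplicates and let the two files be compared. "Some all packages need to be removed" is unclear as worded; if it means Architecture: all packages, say so, and "needs to cleaned up" is missing "be".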