search for: hardened

Hello, to build + packages dovecot I use the usual Debian tool chain. That includes build with selected GCC options and running lintian. I notice since a long time (read: many earlier versions, up to 2.2.35) this lintian warnings: I: dovecot-core: hardening-no-fortify-functions usr/lib/dovecot/auth N: N: This package provides an ELF binary that lacks the use of fortified libc N:

> On 30 March 2018 at 15:08 "A. Schulze" <sca at andreasschulze.de> wrote: > > > Hello, > > to build + packages dovecot I use the usual Debian tool chain. That includes build with selected GCC options and running lintian. > > I notice since a long time (read: many earlier versions, up to 2.2.35) this lintian warnings: > > I: dovecot-core:

Hi all, Please forgive what may be an OT question: I'm considering using hardened php and am interested in any comments which may be offered regarding hardened php and CentOS5. For reference: http://www.hardened-php.net/hardening_patch.14.html Is hardened php available as an RPM from any of our fine CentOS repositories? If not, I'd feel less inclined to use it as it affec...

Hi All, What tips does everyone have on hardening a CenOS Server that is running web, e-mail, ssh, ftp, mysql, coldfusion and will be processing payments from www? -Jason

Dear Doc Admins, My name is Earl Ramirez and I have a particular interest with the 'hardening' SIG, therefore I will like to know if its possible for me to have write access to the hardening SIG page [0]. My goal is to kick off the draft and as we come together to decide the goals and direction of the SIG I will update the content accordingly. [0]

Should the URL match the word used in the subject? [0] [0] http://wiki.centos.org/SpecialInterestGroup/Hardening jerry On Wed, Apr 29, 2015 at 8:45 AM, Alan Bartlett <ajb at elrepo.org> wrote: > On 29 April 2015 at 14:23, Earl A Ramirez <earlaramirez at gmail.com> wrote: >> Dear Doc Admins, >> >> My name is Earl Ramirez and I have a particular interest with the

I got some problem with wine (since wine 1.1.13) on hardened-sources ... actually using ... kernel -> 2.6.28-hardened-r7 #1 SMP Mon Apr 6 17:41:50 CEST 2009 x86_64 gcc -> x86_64-pc-linux-gnu-3.4.6-hardened Code: __bb_init_func': preloader.c:(.text+0x4f): undefined reference to `__guard' preloader.c:(.text+0x70): undefined reference to `__st...

I think, this SIG would/should care about hardening CentOS itself as a system not a complete environment (proxies, firewalls, etc.) The examples of the opener show this. Something else could be integrity checking possibly. I imagine a tool/script that could apply hardening stuff. Regards Tim Am 22. April 2015 09:23:52 MESZ, schrieb Eero Volotinen <eero.volotinen at iki.fi>: >Sounds

Hi, My boss asked me to harden a CentOS box by removing "hacker" tools, such as nmap, tcpdump, nc (netcat), telnet, etc. I would like to know which list of packages would you remove from a base install. I would appreciate if someone could point me to a "standard" way of doing this. I know there are procedures for hardening a machine (I remember reading about Bastille Linux)

Hi, I am running nut with megatec driver accessing ttyS0 as user nut on "standard" kernel (gentoo-sources). It works fine. However, I just built a hardened kernel on a new gentoo machine and have no experience with it. NUT (upsdrv) is failing because it says it doesn't have permission to access ttyS0 even though nut is within the appropriate group. I can add user = root in ups.conf but I'd rather not. Does someone have experience with hardene...

Installed R-devel 3.2.3 on a vanilla F23 box. Installing any package with C code fails with: gcc: error: /usr/lib/rpm/redhat/redhat-hardened-cc1: No such file or directory This parameter originates from R's CFLAGS: $ R CMD config CFLAGS -O2 -g -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -fexceptions -fstack-protector-strong --param=ssp-buffer-size=4 -grecord-gcc-switches -specs=/usr/lib/rpm/redhat/redhat-hardened...

Can anyone recommend a hardened CentOS distro?

On Fri, Jan 15, 2016 at 2:45 PM, Michael Smith <my.r.help at gmail.com> wrote: > > dnf install redhat-rpm-config I used: yum install /usr/lib/rpm/redhat/redhat-hardened-cc1 And that did the job, however it seems to me this should be a formal dependency of the R-base rpm package.

SELinux? On 22 April 2015 at 09:11, John R Pierce <pierce at hogranch.com> wrote: > On 4/21/2015 11:34 PM, Eero Volotinen wrote: > >> apply also ideas from this document: >> https://benchmarks.cisecurity.org/downloads/show-single/?file=rhel6.130 >> > > that should be your baseline. I suspect you'll find all the things you > mentioned are discussed in

On 22 April 2015 at 20:49, Mark LaPierre <marklapier at gmail.com> wrote: > On 04/22/15 01:13, Earl A Ramirez wrote: > > Dear All, > > > > About a week ago; I posted a proposal over on the centos-devel mailing > > list, the proposal is for a SIG 'CentOS hardening', there were a few of > > the members of the community who are also interested in this.

Thanks for all the amazing work with ambisonics Drew et al. We're looking forward to the 1.3 final release and have already been successfully using the ambisonic work in production code. Varun -- Engineering Manager Facebook Audio ---------------------------------------------------------------------- Message: 1 Date: Sun, 3 Jun 2018 13:02:18 +0100 From: Peter Robinson

Hi, I'm running a few PHP-based apps on our server (PMB, SPIP, Joomla, PHPMyAdmin), and I'm not always comforted about security. I don't know the details, but many a security expert frowns when it comes to PHP. Now I just stumbled over this: http://www.hardened-php.net/suhosin.127.html Has anyone already tried this out? An opinion about it? Is it worth it? Since I have to rebuild PHP anyway (because I need some specific modules that can only be obtained by rebuilding it), it wouldn't be much of a hassle. But I'm curious about the experts'...

...apsprobe tests/qemucapsprobe.p/qemucapsprobe.c.o -Wl,--as-needed -Wl,--no-undefined -Wl,-export-dynamic -pie -O2 -flto=auto -ffat-lto-objects -fexceptions -g -grecord-gcc-switches -pipe -Wall -Werror=format-security -Wp,-D_FORTIFY_SOURCE=2 -Wp,-D_GLIBCXX_ASSERTIONS -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m64 -mtune=generic -fasynchronous-unwind-tables -fstack-clash-protection -Wl,-z,relro -Wl,--as-needed -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld -Wl,--start-group tests/libtest_qemu_driver.so src/libvirt.so.0....

...ariables. Code which needs this protection and intentionally stores secret data must ensure the memory regions used for secret data are necessarily dynamic mappings or heap allocations. This is an area which can be tuned to provide more comprehensive protection at the cost of performance. * Hardened loads may still load valid addresses if not attacker-controlled addresses. To prevent these from reading secret data, the low 2gb of the address space and 2gb above and below any executable pages should be protected. Credit: * The core idea of tracing mis-speculation through data and marking...

Hi, I''m tryng to set up Xen, I have errors and google does not help me. The situation is simple: I installed Xen-3.0.2 on gentoo. The Dom0 kernel is up and running, all works perfectly. But when I try to start a DomU, xm raises this error: # xm create -c <conf_file> Using config file <conf_file> Error: <ProtocolError: RPC2/: -1> It''s all. After, `xm list`