[intel/portage] enable hardening for pkgs owning suid sgid files (excluding xorg-server)
This commit is contained in:
parent
0620ae0d06
commit
906bacf3b6
@ -20,17 +20,89 @@ dev-util/nvidia-cuda-sdk nographite.amd64.conf
|
|||||||
dev-util/nvidia-cuda-toolkit nographite.amd64.conf
|
dev-util/nvidia-cuda-toolkit nographite.amd64.conf
|
||||||
|
|
||||||
# Enable hardening
|
# Enable hardening
|
||||||
|
app-admin/osiris hardened.conf
|
||||||
app-admin/sudo hardened.conf
|
app-admin/sudo hardened.conf
|
||||||
app-arch/bzip2 hardened.conf
|
app-arch/bzip2 hardened.conf
|
||||||
app-arch/gzip hardened.conf
|
app-arch/gzip hardened.conf
|
||||||
app-arch/tar hardened.conf
|
app-arch/tar hardened.conf
|
||||||
app-arch/xz-utils hardened.conf
|
app-arch/xz-utils hardened.conf
|
||||||
|
app-backup/amanda hardened.conf
|
||||||
|
app-backup/tsm hardened.conf
|
||||||
|
app-cdr/cdrtools hardened.conf
|
||||||
|
app-cdr/lightscribe-lacie hardened.conf
|
||||||
|
app-cdr/qpxtool hardened.conf
|
||||||
|
app-crypt/mit-krb5 hardened.conf
|
||||||
|
app-editors/emacs hardened.conf
|
||||||
|
app-emulation/hercules hardened.conf
|
||||||
|
app-emulation/open-vm-tools hardened.conf
|
||||||
|
app-emulation/virtualbox-bin hardened.conf
|
||||||
|
app-emulation/virtualbox-guest-additions hardened.conf
|
||||||
|
app-i18n/fbiterm hardened.conf
|
||||||
|
app-i18n/jfbterm hardened.conf
|
||||||
|
app-laptop/macbook-backlight hardened.conf
|
||||||
|
app-misc/ddccontrol hardened.conf
|
||||||
|
app-misc/email2trac hardened.conf
|
||||||
|
app-misc/jail hardened.conf
|
||||||
|
app-misc/mc hardened.conf
|
||||||
|
app-misc/screen hardened.conf
|
||||||
|
app-misc/vlock hardened.conf
|
||||||
|
app-mobilephone/gnokii hardened.conf
|
||||||
app-shells/bash hardened.conf
|
app-shells/bash hardened.conf
|
||||||
|
app-shells/rssh hardened.conf
|
||||||
|
dev-embedded/scratchbox hardened.conf
|
||||||
|
dev-embedded/upslug2 hardened.conf
|
||||||
dev-lang/python hardened.conf
|
dev-lang/python hardened.conf
|
||||||
|
dev-libs/eeze hardened.conf
|
||||||
|
dev-util/schroot hardened.conf
|
||||||
|
dev-util/systemtap hardened.conf
|
||||||
|
games-puzzle/atomix hardened.conf
|
||||||
|
gnome-extra/evolution-data-server hardened.conf
|
||||||
|
gnome-extra/gnome-games hardened.conf
|
||||||
|
kde-base/kdelibs hardened.conf
|
||||||
|
kde-base/kdesu hardened.conf
|
||||||
|
kde-base/kppp hardened.conf
|
||||||
|
mail-client/mutt hardened.conf
|
||||||
|
mail-filter/dcc hardened.conf
|
||||||
|
mail-filter/dspam hardened.conf
|
||||||
|
mail-filter/maildrop hardened.conf
|
||||||
|
mail-filter/procmail hardened.conf
|
||||||
|
mail-mta/postfix hardened.conf
|
||||||
|
media-gfx/DFBPoint hardened.conf
|
||||||
|
media-sound/pulseaudio hardened.conf
|
||||||
|
media-tv/xawtv hardened.conf
|
||||||
|
media-video/dfbsee hardened.conf
|
||||||
|
net-analyzer/fping hardened.conf
|
||||||
|
net-analyzer/lft hardened.conf
|
||||||
|
net-analyzer/nagios-check_fail2ban hardened.conf
|
||||||
|
net-analyzer/nagios-plugins hardened.conf
|
||||||
|
net-analyzer/netselect hardened.conf
|
||||||
|
net-analyzer/pinger hardened.conf
|
||||||
|
net-analyzer/tcptraceroute hardened.conf
|
||||||
|
net-dialup/ppp hardened.conf
|
||||||
|
net-dialup/rp-pppoe hardened.conf
|
||||||
|
net-fs/davfs2 hardened.conf
|
||||||
|
net-fs/netatalk hardened.conf
|
||||||
|
net-fs/nfs-utils hardened.conf
|
||||||
|
net-im/ejabberd hardened.conf
|
||||||
|
net-libs/liblockfile hardened.conf
|
||||||
|
net-mail/cmd5checkpw hardened.conf
|
||||||
|
net-mail/mailman hardened.conf
|
||||||
net-misc/iputils hardened.conf
|
net-misc/iputils hardened.conf
|
||||||
|
net-misc/ndisc6 hardened.conf
|
||||||
|
net-misc/netkit-rsh hardened.conf
|
||||||
|
net-misc/nxnode hardened.conf
|
||||||
|
net-misc/nxserver-freeedition hardened.conf
|
||||||
|
net-misc/openssh hardened.conf
|
||||||
net-misc/rsync hardened.conf
|
net-misc/rsync hardened.conf
|
||||||
|
net-misc/scponly hardened.conf
|
||||||
|
net-misc/taylor-uucp hardened.conf
|
||||||
|
net-misc/vmnet hardened.conf
|
||||||
net-misc/wget hardened.conf
|
net-misc/wget hardened.conf
|
||||||
|
net-nntp/inn hardened.conf
|
||||||
|
net-proxy/squid hardened.conf
|
||||||
|
net-wireless/kismet hardened.conf
|
||||||
sys-apps/coreutils hardened.conf
|
sys-apps/coreutils hardened.conf
|
||||||
|
sys-apps/dbus hardened.conf
|
||||||
sys-apps/diffutils hardened.conf
|
sys-apps/diffutils hardened.conf
|
||||||
sys-apps/file hardened.conf
|
sys-apps/file hardened.conf
|
||||||
sys-apps/findutils hardened.conf
|
sys-apps/findutils hardened.conf
|
||||||
@ -38,16 +110,46 @@ sys-apps/gawk hardened.conf
|
|||||||
sys-apps/grep hardened.conf
|
sys-apps/grep hardened.conf
|
||||||
sys-apps/kbd hardened.conf
|
sys-apps/kbd hardened.conf
|
||||||
sys-apps/less hardened.conf
|
sys-apps/less hardened.conf
|
||||||
|
sys-apps/man-db hardened.conf
|
||||||
|
sys-apps/mlocate hardened.conf
|
||||||
sys-apps/net-tools hardened.conf
|
sys-apps/net-tools hardened.conf
|
||||||
|
sys-apps/pmount hardened.conf
|
||||||
sys-apps/sed hardened.conf
|
sys-apps/sed hardened.conf
|
||||||
sys-apps/shadow hardened.conf
|
sys-apps/shadow hardened.conf
|
||||||
sys-apps/texinfo hardened.conf
|
sys-apps/texinfo hardened.conf
|
||||||
|
sys-apps/usermode-utilities hardened.conf
|
||||||
|
sys-apps/util-linux hardened.conf
|
||||||
sys-apps/which hardened.conf
|
sys-apps/which hardened.conf
|
||||||
|
sys-auth/pam_dotfile hardened.conf
|
||||||
|
sys-auth/polkit hardened.conf
|
||||||
|
sys-auth/skey hardened.conf
|
||||||
|
sys-cluster/torque hardened.conf
|
||||||
sys-devel/binutils hardened.conf
|
sys-devel/binutils hardened.conf
|
||||||
sys-devel/gcc hardened.conf
|
sys-devel/gcc hardened.conf
|
||||||
sys-devel/gnuconfig hardened.conf
|
sys-devel/gnuconfig hardened.conf
|
||||||
sys-devel/make hardened.conf
|
sys-devel/make hardened.conf
|
||||||
sys-devel/patch hardened.conf
|
sys-devel/patch hardened.conf
|
||||||
|
sys-fs/fuse hardened.conf
|
||||||
|
sys-fs/ntfs3g hardened.conf
|
||||||
sys-libs/glibc hardened.conf
|
sys-libs/glibc hardened.conf
|
||||||
|
sys-libs/libutempter hardened.conf
|
||||||
|
sys-libs/pam hardened.conf
|
||||||
|
sys-process/at hardened.conf
|
||||||
|
sys-process/atop hardened.conf
|
||||||
sys-process/procps hardened.conf
|
sys-process/procps hardened.conf
|
||||||
sys-process/psmisc hardened.conf
|
sys-process/psmisc hardened.conf
|
||||||
|
sys-process/vixie-cron hardened.conf
|
||||||
|
www-apache/mod_suphp hardened.conf
|
||||||
|
www-apache/pwauth hardened.conf
|
||||||
|
www-client/chromium hardened.conf
|
||||||
|
www-servers/apache hardened.conf
|
||||||
|
www-servers/thttpd hardened.conf
|
||||||
|
x11-libs/gnome-pty-helper hardened.conf
|
||||||
|
x11-misc/slock hardened.conf
|
||||||
|
x11-misc/xtrlock hardened.conf
|
||||||
|
x11-plugins/wmlaptop hardened.conf
|
||||||
|
x11-plugins/wmping hardened.conf
|
||||||
|
x11-terms/aterm hardened.conf
|
||||||
|
x11-terms/mrxvt hardened.conf
|
||||||
|
x11-wm/enlightenment hardened.conf
|
||||||
|
|
||||||
|
@ -21,17 +21,89 @@ dev-util/nvidia-cuda-sdk nographite.x86.conf
|
|||||||
dev-util/nvidia-cuda-toolkit nographite.x86.conf
|
dev-util/nvidia-cuda-toolkit nographite.x86.conf
|
||||||
|
|
||||||
# Enable hardening
|
# Enable hardening
|
||||||
|
app-admin/osiris hardened.conf
|
||||||
app-admin/sudo hardened.conf
|
app-admin/sudo hardened.conf
|
||||||
app-arch/bzip2 hardened.conf
|
app-arch/bzip2 hardened.conf
|
||||||
app-arch/gzip hardened.conf
|
app-arch/gzip hardened.conf
|
||||||
app-arch/tar hardened.conf
|
app-arch/tar hardened.conf
|
||||||
app-arch/xz-utils hardened.conf
|
app-arch/xz-utils hardened.conf
|
||||||
|
app-backup/amanda hardened.conf
|
||||||
|
app-backup/tsm hardened.conf
|
||||||
|
app-cdr/cdrtools hardened.conf
|
||||||
|
app-cdr/lightscribe-lacie hardened.conf
|
||||||
|
app-cdr/qpxtool hardened.conf
|
||||||
|
app-crypt/mit-krb5 hardened.conf
|
||||||
|
app-editors/emacs hardened.conf
|
||||||
|
app-emulation/hercules hardened.conf
|
||||||
|
app-emulation/open-vm-tools hardened.conf
|
||||||
|
app-emulation/virtualbox-bin hardened.conf
|
||||||
|
app-emulation/virtualbox-guest-additions hardened.conf
|
||||||
|
app-i18n/fbiterm hardened.conf
|
||||||
|
app-i18n/jfbterm hardened.conf
|
||||||
|
app-laptop/macbook-backlight hardened.conf
|
||||||
|
app-misc/ddccontrol hardened.conf
|
||||||
|
app-misc/email2trac hardened.conf
|
||||||
|
app-misc/jail hardened.conf
|
||||||
|
app-misc/mc hardened.conf
|
||||||
|
app-misc/screen hardened.conf
|
||||||
|
app-misc/vlock hardened.conf
|
||||||
|
app-mobilephone/gnokii hardened.conf
|
||||||
app-shells/bash hardened.conf
|
app-shells/bash hardened.conf
|
||||||
|
app-shells/rssh hardened.conf
|
||||||
|
dev-embedded/scratchbox hardened.conf
|
||||||
|
dev-embedded/upslug2 hardened.conf
|
||||||
dev-lang/python hardened.conf
|
dev-lang/python hardened.conf
|
||||||
|
dev-libs/eeze hardened.conf
|
||||||
|
dev-util/schroot hardened.conf
|
||||||
|
dev-util/systemtap hardened.conf
|
||||||
|
games-puzzle/atomix hardened.conf
|
||||||
|
gnome-extra/evolution-data-server hardened.conf
|
||||||
|
gnome-extra/gnome-games hardened.conf
|
||||||
|
kde-base/kdelibs hardened.conf
|
||||||
|
kde-base/kdesu hardened.conf
|
||||||
|
kde-base/kppp hardened.conf
|
||||||
|
mail-client/mutt hardened.conf
|
||||||
|
mail-filter/dcc hardened.conf
|
||||||
|
mail-filter/dspam hardened.conf
|
||||||
|
mail-filter/maildrop hardened.conf
|
||||||
|
mail-filter/procmail hardened.conf
|
||||||
|
mail-mta/postfix hardened.conf
|
||||||
|
media-gfx/DFBPoint hardened.conf
|
||||||
|
media-sound/pulseaudio hardened.conf
|
||||||
|
media-tv/xawtv hardened.conf
|
||||||
|
media-video/dfbsee hardened.conf
|
||||||
|
net-analyzer/fping hardened.conf
|
||||||
|
net-analyzer/lft hardened.conf
|
||||||
|
net-analyzer/nagios-check_fail2ban hardened.conf
|
||||||
|
net-analyzer/nagios-plugins hardened.conf
|
||||||
|
net-analyzer/netselect hardened.conf
|
||||||
|
net-analyzer/pinger hardened.conf
|
||||||
|
net-analyzer/tcptraceroute hardened.conf
|
||||||
|
net-dialup/ppp hardened.conf
|
||||||
|
net-dialup/rp-pppoe hardened.conf
|
||||||
|
net-fs/davfs2 hardened.conf
|
||||||
|
net-fs/netatalk hardened.conf
|
||||||
|
net-fs/nfs-utils hardened.conf
|
||||||
|
net-im/ejabberd hardened.conf
|
||||||
|
net-libs/liblockfile hardened.conf
|
||||||
|
net-mail/cmd5checkpw hardened.conf
|
||||||
|
net-mail/mailman hardened.conf
|
||||||
net-misc/iputils hardened.conf
|
net-misc/iputils hardened.conf
|
||||||
|
net-misc/ndisc6 hardened.conf
|
||||||
|
net-misc/netkit-rsh hardened.conf
|
||||||
|
net-misc/nxnode hardened.conf
|
||||||
|
net-misc/nxserver-freeedition hardened.conf
|
||||||
|
net-misc/openssh hardened.conf
|
||||||
net-misc/rsync hardened.conf
|
net-misc/rsync hardened.conf
|
||||||
|
net-misc/scponly hardened.conf
|
||||||
|
net-misc/taylor-uucp hardened.conf
|
||||||
|
net-misc/vmnet hardened.conf
|
||||||
net-misc/wget hardened.conf
|
net-misc/wget hardened.conf
|
||||||
|
net-nntp/inn hardened.conf
|
||||||
|
net-proxy/squid hardened.conf
|
||||||
|
net-wireless/kismet hardened.conf
|
||||||
sys-apps/coreutils hardened.conf
|
sys-apps/coreutils hardened.conf
|
||||||
|
sys-apps/dbus hardened.conf
|
||||||
sys-apps/diffutils hardened.conf
|
sys-apps/diffutils hardened.conf
|
||||||
sys-apps/file hardened.conf
|
sys-apps/file hardened.conf
|
||||||
sys-apps/findutils hardened.conf
|
sys-apps/findutils hardened.conf
|
||||||
@ -39,18 +111,48 @@ sys-apps/gawk hardened.conf
|
|||||||
sys-apps/grep hardened.conf
|
sys-apps/grep hardened.conf
|
||||||
sys-apps/kbd hardened.conf
|
sys-apps/kbd hardened.conf
|
||||||
sys-apps/less hardened.conf
|
sys-apps/less hardened.conf
|
||||||
|
sys-apps/man-db hardened.conf
|
||||||
|
sys-apps/mlocate hardened.conf
|
||||||
sys-apps/net-tools hardened.conf
|
sys-apps/net-tools hardened.conf
|
||||||
|
sys-apps/pmount hardened.conf
|
||||||
sys-apps/sed hardened.conf
|
sys-apps/sed hardened.conf
|
||||||
sys-apps/shadow hardened.conf
|
sys-apps/shadow hardened.conf
|
||||||
sys-apps/texinfo hardened.conf
|
sys-apps/texinfo hardened.conf
|
||||||
|
sys-apps/usermode-utilities hardened.conf
|
||||||
|
sys-apps/util-linux hardened.conf
|
||||||
sys-apps/which hardened.conf
|
sys-apps/which hardened.conf
|
||||||
|
sys-auth/pam_dotfile hardened.conf
|
||||||
|
sys-auth/polkit hardened.conf
|
||||||
|
sys-auth/skey hardened.conf
|
||||||
|
sys-cluster/torque hardened.conf
|
||||||
sys-devel/binutils hardened.conf
|
sys-devel/binutils hardened.conf
|
||||||
sys-devel/gcc hardened.conf
|
sys-devel/gcc hardened.conf
|
||||||
sys-devel/gnuconfig hardened.conf
|
sys-devel/gnuconfig hardened.conf
|
||||||
sys-devel/make hardened.conf
|
sys-devel/make hardened.conf
|
||||||
sys-devel/patch hardened.conf
|
sys-devel/patch hardened.conf
|
||||||
sys-fs/e2fsprogs hardened.conf
|
sys-fs/e2fsprogs hardened.conf
|
||||||
|
sys-fs/fuse hardened.conf
|
||||||
|
sys-fs/ntfs3g hardened.conf
|
||||||
sys-libs/e2fsprogs-libs hardened.conf
|
sys-libs/e2fsprogs-libs hardened.conf
|
||||||
sys-libs/glibc hardened.conf
|
sys-libs/glibc hardened.conf
|
||||||
|
sys-libs/libutempter hardened.conf
|
||||||
|
sys-libs/pam hardened.conf
|
||||||
|
sys-process/at hardened.conf
|
||||||
|
sys-process/atop hardened.conf
|
||||||
sys-process/procps hardened.conf
|
sys-process/procps hardened.conf
|
||||||
sys-process/psmisc hardened.conf
|
sys-process/psmisc hardened.conf
|
||||||
|
sys-process/vixie-cron hardened.conf
|
||||||
|
www-apache/mod_suphp hardened.conf
|
||||||
|
www-apache/pwauth hardened.conf
|
||||||
|
www-client/chromium hardened.conf
|
||||||
|
www-servers/apache hardened.conf
|
||||||
|
www-servers/thttpd hardened.conf
|
||||||
|
x11-libs/gnome-pty-helper hardened.conf
|
||||||
|
x11-misc/slock hardened.conf
|
||||||
|
x11-misc/xtrlock hardened.conf
|
||||||
|
x11-plugins/wmlaptop hardened.conf
|
||||||
|
x11-plugins/wmping hardened.conf
|
||||||
|
x11-terms/aterm hardened.conf
|
||||||
|
x11-terms/mrxvt hardened.conf
|
||||||
|
x11-wm/enlightenment hardened.conf
|
||||||
|
|
||||||
|
Loading…
Reference in New Issue
Block a user