Not to be fixed
Created: Mar 27, 2015
Updated: Apr 19, 2018
Resolved Date: Apr 17, 2018
Found In Version: 7.0.0.4
Severity: Standard
Applicable for: Wind River Linux 7
Component/s: Userspace
On secure-platform rootfs, there are some binaries which lose expected security flags defined in SECURITY_CFLAGS and SECURITY_LDFLAGS.
Note that the recipes, from which the binaries are built, are not listed as exceptions in security_flags*.inc files. So the security flags are expected in binaries.
----Logs----
hardening-check.sh /bin/ping.iputils
/bin/ping.iputils:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /bin/mktemp.mktemp
/bin/mktemp.mktemp:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /sbin/ip.iproute2
/sbin/ip.iproute2:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /sbin/v86d
/sbin/v86d:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /sbin/mklost+found
/sbin/mklost+found:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /sbin/hdparm.hdparm
/sbin/hdparm.hdparm:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /sbin/rtmon
/sbin/rtmon:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /sbin/setfiles
/sbin/setfiles:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /sbin/mingetty
/sbin/mingetty:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/libnuma.so.1
/usr/lib64/libnuma.so.1:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/python2.7/site-packages/sepolicy/_policy.so
/usr/lib64/python2.7/site-packages/sepolicy/_policy.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/libpth.so.20.0.27
/usr/lib64/libpth.so.20.0.27:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/gtk-2.0/2.10.0/engines/libpixmap.so
/usr/lib64/gtk-2.0/2.10.0/engines/libpixmap.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/libjson.so.0.1.0
/usr/lib64/libjson.so.0.1.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_sched_switch.so
/usr/lib64/traceevent/plugins/plugin_sched_switch.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_jbd2.so
/usr/lib64/traceevent/plugins/plugin_jbd2.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_scsi.so
/usr/lib64/traceevent/plugins/plugin_scsi.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_function.so
/usr/lib64/traceevent/plugins/plugin_function.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_kmem.so
/usr/lib64/traceevent/plugins/plugin_kmem.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_mac80211.so
/usr/lib64/traceevent/plugins/plugin_mac80211.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_cfg80211.so
/usr/lib64/traceevent/plugins/plugin_cfg80211.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_hrtimer.so
/usr/lib64/traceevent/plugins/plugin_hrtimer.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_xen.so
/usr/lib64/traceevent/plugins/plugin_xen.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/traceevent/plugins/plugin_kvm.so
/usr/lib64/traceevent/plugins/plugin_kvm.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/libstdc++.so.6.0.20
/usr/lib64/libstdc++.so.6.0.20:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/vlock/modules/vesablank.so
/usr/lib64/vlock/modules/vesablank.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/vlock/modules/new.so
/usr/lib64/vlock/modules/new.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/vlock/modules/ttyblank.so
/usr/lib64/vlock/modules/ttyblank.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/vlock/modules/nosysrq.so
/usr/lib64/vlock/modules/nosysrq.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/vlock/modules/all.so
/usr/lib64/vlock/modules/all.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/lib64/libfl.so.2.0.0
/usr/lib64/libfl.so.2.0.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/libhogweed.so.2.5
/usr/lib64/libhogweed.so.2.5:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/libgailutil.so.18.0.1
/usr/lib64/libgailutil.so.18.0.1:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/libfl_pic.so.2.0.0
/usr/lib64/libfl_pic.so.2.0.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/sudo/sudo_noexec.so
/usr/lib64/sudo/sudo_noexec.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/lib64/sudo/sesh
/usr/lib64/sudo/sesh:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/rfkill.rfkill
/usr/sbin/rfkill.rfkill:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/setcap
/usr/sbin/setcap:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/arping.iputils
/usr/sbin/arping.iputils:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/iw
/usr/sbin/iw:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/capsh
/usr/sbin/capsh:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/seedit-restorecon
/usr/sbin/seedit-restorecon:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/sestatus
/usr/sbin/sestatus:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/semodule
/usr/sbin/semodule:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/setsebool
/usr/sbin/setsebool:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/lsof
/usr/sbin/lsof:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/vsftpd
/usr/sbin/vsftpd:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/visudo
/usr/sbin/visudo:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/vlock-main
/usr/sbin/vlock-main:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/sbin/ntsysv
/usr/sbin/ntsysv:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/sbin/chkconfig
/usr/sbin/chkconfig:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/tracepath6
/usr/bin/tracepath6:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/gtk-update-icon-cache-2.0
/usr/bin/gtk-update-icon-cache-2.0:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/getfacl
/usr/bin/getfacl:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/vim
/usr/bin/vim:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/unzipsfx
/usr/bin/unzipsfx:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/semodule_package
/usr/bin/semodule_package:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/iasl
/usr/bin/iasl:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/perf
/usr/bin/perf:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/gtk-query-immodules-2.0
/usr/bin/gtk-query-immodules-2.0:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/numastat
/usr/bin/numastat:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/setfacl
/usr/bin/setfacl:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/unzip
/usr/bin/unzip:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/seedit-converter
/usr/bin/seedit-converter:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/bin/ping6.iputils
/usr/bin/ping6.iputils:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/tracepath
/usr/bin/tracepath:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/less.less
/usr/bin/less.less:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/attr
/usr/bin/attr:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/migratepages
/usr/bin/migratepages:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/semodule_deps
/usr/bin/semodule_deps:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/mailx
/usr/bin/mailx:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/lessecho
/usr/bin/lessecho:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/sepolgen-ifgen-attr-helper
/usr/bin/sepolgen-ifgen-attr-helper:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/madt
/usr/bin/madt:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/bin/numademo
/usr/bin/numademo:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/semodule_expand
/usr/bin/semodule_expand:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/pwqgen
/usr/bin/pwqgen:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/trace
/usr/bin/trace:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/pwqcheck
/usr/bin/pwqcheck:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/secon
/usr/bin/secon:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/sudoreplay
/usr/bin/sudoreplay:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/chacl
/usr/bin/chacl:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/semodule_link
/usr/bin/semodule_link:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/acpidump
/usr/bin/acpidump:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/bin/screen-4.0.3
/usr/bin/screen-4.0.3:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/newrole
/usr/bin/newrole:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/nettle-lfib-stream
/usr/bin/nettle-lfib-stream:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/sedispol
/usr/bin/sedispol:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/funzip
/usr/bin/funzip:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/numactl
/usr/bin/numactl:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/sedismod
/usr/bin/sedismod:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/memhog
/usr/bin/memhog:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/migspeed
/usr/bin/migspeed:
Position Independent Executable: no, normal executable!
Stack protected: no, not found!
Fortify Source functions: no, not found!
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/zipinfo
/usr/bin/zipinfo:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/checkpolicy
/usr/bin/checkpolicy:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/setfattr
/usr/bin/setfattr:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/checkmodule
/usr/bin/checkmodule:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/getfattr
/usr/bin/getfattr:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/lesskey
/usr/bin/lesskey:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/sudo
/usr/bin/sudo:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/acpixtract
/usr/bin/acpixtract:
Position Independent Executable: yes
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /usr/bin/logrotate
/usr/bin/logrotate:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /usr/bin/traceroute6.iputils
/usr/bin/traceroute6.iputils:
Position Independent Executable: no, normal executable!
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: yes
Immediate binding: yes
hardening-check.sh /lib64/libpasswdqc.so.0
/lib64/libpasswdqc.so.0:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: no, not found!
Immediate binding: no, not found!
hardening-check.sh /lib64/security/pam_passwdqc.so
/lib64/security/pam_passwdqc.so:
Position Independent Executable: no, regular shared library (ignored)
Stack protected: yes
Fortify Source functions: yes
Read-only relocations: no, not found!
Immediate binding: no, not found!
step 1; /buildarea1/product/wrlinux-x/wrlinux/configure --enable-board=intel-x86-64 --enable-kernel=secure --enable-rootfs=secure-platform --with-init=sysvinit --with-layer=/path/to/security-test --with-sstate-dir=/path/to/SSTATE
Note: hardening-check is a test package located in testing layer.
Or, You can just copy the shell script and run it on target:
wget http://ftp.de.debian.org/debian/pool/main/h/hardening-wrapper/hardening-wrapper_2.7.tar.xz
tar xvf hardening-wrapper_2.7.tar.xz
cd xvf hardening-wrapper
./hardening-check.sh /usr/bin/attr
step 2; make fs
step 3; Boot target with kernel option: selinux=1 enforcing=0
step 4; hardening-check.sh /usr/bin/attr
