[redhat-lspp] Package list

[Emily Ratliff]

Hi,

Here is the package list based on the EAL3+ CAPP evaluation. We can use
this as a starting point for the discussion about trusted programs and what
needs to be added and deleted.

acl
amtu
apmd
ash
at
attr
authconfig
autofs
basesystem
bash
bc
beecrypt
bind-utils
binutils
bzip2
bzip2-libs
chkconfig
comps
coreutils
cpio
cpp
cracklib
cracklib-dicts
crontabs
cups
cups-libs
curl
cvs
cyrus-sasl
cyrus-sasl-gssapi
cyrus-sasl-md5
cyrus-sasl-plain
db4
dev
devlabel
dhclient
dialog
diffutils
dos2unix
dosfstools
dump
e2fsprogs
eal3-certification
eal3-certification-docs
ed
eject
elfutils
elfutils-libelf
elinks
ethtool
expat
fbset
file
filesystem
findutils
finger
fontconfig
freetype
ftp
gawk
gdbm
gettext
glib
glib2
glibc
glibc-common
glibc-headers
glibc-kernheaders
gmp
gnupg
gpm
grep
groff
grub
gzip
hdparm
hesiod
hotplug
htmlview
hwdata
info
initscripts
iproute
ipsec-tools
iptables
iptables-ipv6
iputils
jwhois
kbd
kernel
kernel-pcmcia-cs
kernel-smp
kernel-utils
krb5-libs
krb5-workstation
kudzu
laus
laus/cross
laus-libs
laus-libs/cross
less
lftp
lha
libacl
libattr
libcap
libgcc
libgcj
libjpeg
libpng
libstdc++
libtermcap
libtiff
libtool-libs
libuser
libwvstreams
libxml2
lockdev
logrotate
logwatch
losetup
lslk
lsof
lvm
m4
mailcap
mailx
make
MAKEDEV
man
man-pages
mdadm
mgetty
mingetty
minicom
mkbootdisk
mkinitrd
mktemp
modutils
mount
mt-st
mtools
mtr
nano
nc
ncompress
ncurses
net-tools
netconfig
netdump
newt
nfs-utils
nscd
nss_ldap
ntsysv
openldap
openssh
openssh-clients
openssh-server
openssl
pam
pam-passwdqc
pam_smb
parted
passwd
patch
pax
pciutils
pcre
pdksh
perl
perl-DateManip
perl-Filter
perl-HTML-Parser
perl-HTML-Tagset
perl-libwww-perl
perl-URI
pinfo
popt
portmap
postfix
ppc64-utils
ppp
prelink
procmail
procps
psacct
psmisc
pspell
pyOpenSSL
python
python-optik
pyxf86config
quota
raidtools
rdate
rdist
readline
redhat-config-mouse
redhat-config-network-tui
redhat-config-securitylevel-tui
redhat-logos
redhat-lsb
redhat-menus
redhat-release
rhnlib
rhpl
rmt
rootfiles
rp-ppoe
rpm
rpm-python
rpmdb-redhat
rsh
rsync
s390utils
schedutils
sed
setarch
setserial
setup
setuptool
shadow-utils
sharutils
slang
slocate
specspo
star
stunnel
symlinks
sysklogd
syslinux
sysreport
SysVinit
talk
tar
tcl
tcpdump
tcp_wrappers
tcsh
telnet
termcap
tftp
time
tk
tpmwatch
traceroute
tdata
unix2dos
unzip
up2date
usbutils
usermode
utempter
util-linux
vconfig
vim-common
vim-minimal
vixie-cron
vsftpd
wget
which
wireless-tools
words
wvdial
XFree86-libs
XFree86-libs-data
XFree86-Mesa-libGL
xinetd
yaboot
yp-tools
ypbind
zip
zlib


The SELinux and MLS packages will need to be added. The laus packages will
be replaced by the current audit packages. As Steve mentioned, gpm should
probably be deleted. It seems that the XFree86 libraries should be deleted
if at all possible. I don't know why minicom, ppp, rp-ppoe, and wvdial are
on this package list but they should probably also be deleted. The RBAC
selftest tool should be added or possibly be included with amtu. Both tar
and star are in the package list, does tar now include the extended
attributes and the label? Do we need to carry both? Is tcpdump really
necessary? There are a few networking programs that we should look at more
closely to make sure that they are configured correctly and do the correct
thing when attached to the type of network that we decide to support. We've
talked about postfix, but there are curl, wget, rsync, etc. The dump
utilities probably will also need to be looked at more to make sure that
they do the right thing.

Emily


Emily Ratliff
IBM Linux Technology Center, Security
CISSP #51839
512-838-0409 (T/L 678-0409)
emilyr at us.ibm.com
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20050608/f52d5a44/attachment.htm>