[redhat-lspp] Package list

Daniel J Walsh dwalsh at redhat.com
Wed Jun 8 20:22:06 UTC 2005 

After quick scan

X-Window only Packages

XFree86-libs
XFree86-libs-data
XFree86-Mesa-libGL
tk
pyxf86config

python-optik Dropped from FC4
raidtools Replaced by mdadm


redhat-config changed to system-config

system-config-mouse
system-config-network-tui
system-config-securitylevel-tui



Emily Ratliff wrote:

> Hi,
>
> Here is the package list based on the EAL3+ CAPP evaluation. We can 
> use this as a starting point for the discussion about trusted programs 
> and what needs to be added and deleted.
>
> acl
> amtu
> apmd
> ash
> at
> attr
> authconfig
> autofs
> basesystem
> bash
> bc
> beecrypt
> bind-utils
> binutils
> bzip2
> bzip2-libs
> chkconfig
> comps
> coreutils
> cpio
> cpp
> cracklib
> cracklib-dicts
> crontabs
> cups
> cups-libs
> curl
> cvs
> cyrus-sasl
> cyrus-sasl-gssapi
> cyrus-sasl-md5
> cyrus-sasl-plain
> db4
> dev
> devlabel
> dhclient
> dialog
> diffutils
> dos2unix
> dosfstools
> dump
> e2fsprogs
> eal3-certification
> eal3-certification-docs
> ed
> eject
> elfutils
> elfutils-libelf
> elinks
> ethtool
> expat
> fbset
> file
> filesystem
> findutils
> finger
> fontconfig
> freetype
> ftp
> gawk
> gdbm
> gettext
> glib
> glib2
> glibc
> glibc-common
> glibc-headers
> glibc-kernheaders
> gmp
> gnupg
> gpm
> grep
> groff
> grub
> gzip
> hdparm
> hesiod
> hotplug
> htmlview
> hwdata
> info
> initscripts
> iproute
> ipsec-tools
> iptables
> iptables-ipv6
> iputils
> jwhois
> kbd
> kernel
> kernel-pcmcia-cs
> kernel-smp
> kernel-utils
> krb5-libs
> krb5-workstation
> kudzu
> laus
> laus/cross
> laus-libs
> laus-libs/cross
> less
> lftp
> lha
> libacl
> libattr
> libcap
> libgcc
> libgcj
> libjpeg
> libpng
> libstdc++
> libtermcap
> libtiff
> libtool-libs
> libuser
> libwvstreams
> libxml2
> lockdev
> logrotate
> logwatch
> losetup
> lslk
> lsof
> lvm
> m4
> mailcap
> mailx
> make
> MAKEDEV
> man
> man-pages
> mdadm
> mgetty
> mingetty
> minicom
> mkbootdisk
> mkinitrd
> mktemp
> modutils
> mount
> mt-st
> mtools
> mtr
> nano
> nc
> ncompress
> ncurses
> net-tools
> netconfig
> netdump
> newt
> nfs-utils
> nscd
> nss_ldap
> ntsysv
> openldap
> openssh
> openssh-clients
> openssh-server
> openssl
> pam
> pam-passwdqc
> pam_smb
> parted
> passwd
> patch
> pax
> pciutils
> pcre
> pdksh
> perl
> perl-DateManip
> perl-Filter
> perl-HTML-Parser
> perl-HTML-Tagset
> perl-libwww-perl
> perl-URI
> pinfo
> popt
> portmap
> postfix
> ppc64-utils
> ppp
> prelink
> procmail
> procps
> psacct
> psmisc
> pspell
> pyOpenSSL
> python
> python-optik
> pyxf86config
> quota
> raidtools
> rdate
> rdist
> readline
> redhat-config-mouse
> redhat-config-network-tui
> redhat-config-securitylevel-tui
> redhat-logos
> redhat-lsb
> redhat-menus
> redhat-release
> rhnlib
> rhpl
> rmt
> rootfiles
> rp-ppoe
> rpm
> rpm-python
> rpmdb-redhat
> rsh
> rsync
> s390utils
> schedutils
> sed
> setarch
> setserial
> setup
> setuptool
> shadow-utils
> sharutils
> slang
> slocate
> specspo
> star
> stunnel
> symlinks
> sysklogd
> syslinux
> sysreport
> SysVinit
> talk
> tar
> tcl
> tcpdump
> tcp_wrappers
> tcsh
> telnet
> termcap
> tftp
> time
> tk
> tpmwatch
> traceroute
> tdata
> unix2dos
> unzip
> up2date
> usbutils
> usermode
> utempter
> util-linux
> vconfig
> vim-common
> vim-minimal
> vixie-cron
> vsftpd
> wget
> which
> wireless-tools
> words
> wvdial
> XFree86-libs
> XFree86-libs-data
> XFree86-Mesa-libGL
> xinetd
> yaboot
> yp-tools
> ypbind
> zip
> zlib
>
>
> The SELinux and MLS packages will need to be added. The laus packages 
> will be replaced by the current audit packages. As Steve mentioned, 
> gpm should probably be deleted. It seems that the XFree86 libraries 
> should be deleted if at all possible. I don't know why minicom, ppp, 
> rp-ppoe, and wvdial are on this package list but they should probably 
> also be deleted. The RBAC selftest tool should be added or possibly be 
> included with amtu. Both tar and star are in the package list, does 
> tar now include the extended attributes and the label?
>
tar does not and will not support xtended attributes.
star and rsync (I think) have extended attributes support.

> Do we need to carry both? Is tcpdump really necessary? There are a few 
> networking programs that we should look at more closely to make sure 
> that they are configured correctly and do the correct thing when 
> attached to the type of network that we decide to support. We've 
> talked about postfix, but there are curl, wget, rsync, etc. The dump 
> utilities probably will also need to be looked at more to make sure 
> that they do the right thing.
>
> Emily
>
>
> Emily Ratliff
> IBM Linux Technology Center, Security
> CISSP #51839
> 512-838-0409 (T/L 678-0409)
> emilyr at us.ibm.com
>
>------------------------------------------------------------------------
>
>--
>redhat-lspp mailing list
>redhat-lspp at redhat.com
>https://www.redhat.com/mailman/listinfo/redhat-lspp
>  
>


--

More information about the redhat-lspp mailing list