[redhat-lspp] Package list

Thu Jun 30 20:34:09 UTC 2005

I am attaching a patch to vixie-cron 4.1-33 which contains a MLS cron based
on our polyinstantiation. I believe Janak should be able to understand what
we are doing in this code.  I am also attaching an initial version of device
allocation code for comment. It is currently missing the user level audit
code, but this shouldn't be hard to add.

-Chad

> -----Original Message-----
> From: George Wilson [mailto:gcwilson at us.ibm.com]
> Sent: Thursday, June 23, 2005 8:08 AM
> To: Chad Hanson
> Cc: redhat-lspp at redhat.com
> Subject: RE: [redhat-lspp] Package list
> 
> 
> Hi Chad,
> 
> We have been looking at the package list in detail so that we 
> can write 
> the security target.  Are there any packages not included that your 
> applications are going to need?  Are there any packages you 
> would like to 
> see thrown out?
> 
> Also, we are determining how to meet the import/export 
> requirements.  You 
> mentioned a while back that you have some device allocation 
> code and a 
> multilevel cron that you might be willing to share.  Would it 
> be possible 
> to make those available to the folks on the list?
> 
> Thanks,
> George Wilson
> IBM LTC Security Development
> 
> Sent by:        redhat-lspp-bounces at redhat.com
> To:     Emily Ratliff/Austin/IBM at IBMUS, Daniel J Walsh 
> <dwalsh at redhat.com>
> cc:     redhat-lspp at redhat.com 
> Subject:        RE: [redhat-lspp] Package list
> 
> 
> Currently a need for some of the X libraries is a side effect of cups 
> printing which requires libtiff which itself has a number of X 
> dependencies such as xorg-X11-Mesa-libGL and and xorg-x11-libs.
>  
> -Chad 
> -----Original Message-----
> From: Emily Ratliff [mailto:emilyr at us.ibm.com]
> Sent: Thursday, June 09, 2005 11:00 AM
> To: Daniel J Walsh
> Cc: redhat-lspp at redhat.com
> Subject: Re: [redhat-lspp] Package list
> 
> OK, so based on the responses so far, the updated package 
> list is below.
> 
> system-config-mouse should probably also be eliminated given 
> that we are 
> eliminating gpm and all X packages. Should also be able to get rid of 
> fontconfig and freetype. They don't hurt anything but just are not 
> necessary so we can leave them is you want. 
> 
> tar is gone. 
> 
> I added rbactest as a placeholder for the self-test tool 
> required by RBAC.
> 
> Added the SELinux and MLS package names based on the packages on your 
> rawhide site.
> 
> Do we need cpp?
> 
> Do we really want jwhois?
> 
> I guess when we dig into import/export some more we can 
> decide whether we 
> really want minicom and the ppp packages.
> 
> Added 2 eal4 rpms - one for configuring the system to 
> LSPP/RBAC and one 
> for configuring the system to CAPP/RBAC.
> 
> Do we need pam_poly or whatever for your polyinstantiation 
> work, Janak?
> 
> Do we want to keep lha on the list? I don't know much about 
> it, does it 
> support extended attributes? Same questions for pax?
> 
> 
> Proposed LSPP/EAL4+ Package List
> acl
> amtu
> apmd
> ash
> at
> attr
> authconfig
> autofs
> basesystem
> bash
> bc
> beecrypt
> bind-utils
> binutils
> bzip2
> bzip2-libs
> chkconfig
> comps
> coreutils
> cpio
> cpp
> cracklib
> cracklib-dicts
> crontabs
> cups
> cups-libs
> curl
> cvs
> cyrus-sasl
> cyrus-sasl-gssapi
> cyrus-sasl-md5
> cyrus-sasl-plain
> db4
> dev
> devlabel
> dhclient
> dialog
> diffutils
> dos2unix
> dosfstools
> dump
> e2fsprogs
> eal4-certification
> eal4-certification-docs
> eal4-mls-certification
> eal4-mls-certification-docs
> ed
> eject
> elfutils
> elfutils-libelf
> elinks
> ethtool
> expat
> fbset
> file
> filesystem
> findutils
> finger
> fontconfig*
> freetype*
> ftp
> gawk
> gdbm
> gettext
> glib
> glib2
> glibc
> glibc-common
> glibc-headers
> glibc-kernheaders
> gmp
> gnupg
> gpm
> grep
> groff
> grub
> gzip
> hdparm
> hesiod
> hotplug
> htmlview
> hwdata
> info
> initscripts
> iproute
> ipsec-tools
> iptables
> iptables-ipv6
> iputils
> jwhois
> kbd
> kernel
> kernel-pcmcia-cs
> kernel-smp
> kernel-utils
> krb5-libs
> krb5-workstation
> kudzu
> less
> lftp
> lha
> libacl
> libattr
> libcap
> libgcc
> libgcj
> libjpeg
> libpng
> libselinux
> libsepol
> libstdc++
> libtermcap
> libtiff
> libtool-libs
> libuser
> libwvstreams
> libxml2
> lockdev
> logrotate
> logwatch
> losetup
> lslk
> lsof
> lvm
> m4
> mailcap
> mailx
> make
> MAKEDEV
> man
> man-pages
> mdadm
> mgetty
> mingetty
> minicom
> mkbootdisk
> mkinitrd
> mktemp
> modutils
> mount
> mt-st
> mtools
> mtr
> nano
> nc
> ncompress
> ncurses
> net-tools
> netconfig
> netdump
> newt
> nfs-utils
> nscd
> nss_ldap
> ntsysv
> openldap
> openssh
> openssh-clients
> openssh-server
> openssl
> pam
> pam-passwdqc
> pam_smb
> parted
> passwd
> patch
> pax
> pciutils
> pcre
> pdksh
> perl
> perl-DateManip
> perl-Filter
> perl-HTML-Parser
> perl-HTML-Tagset
> perl-libwww-perl
> perl-URI
> pinfo
> policycoreutils
> popt
> portmap
> postfix
> ppc64-utils
> ppp
> prelink
> procmail
> procps
> psacct
> psmisc
> pspell
> pyOpenSSL
> python
> quota
> rbactest
> rdate
> rdist
> readline
> selinux-policy-mls
> selinux-policy-targeted
> selinux-policy-targeted-sources
> system-config-network-tui
> system-config-securitylevel-tui
> redhat-logos
> redhat-lsb
> redhat-menus
> redhat-release
> rhnlib
> rhpl
> rmt
> rootfiles
> rp-ppoe
> rpm
> rpm-python
> rpmdb-redhat
> rsh
> rsync
> s390utils
> schedutils
> sed
> setarch
> setools
> setserial
> setup
> setuptool
> shadow-utils
> sharutils
> slang
> slocate
> specspo
> star
> stunnel
> symlinks
> sysklogd
> syslinux
> sysreport
> SysVinit
> talk
> tcl
> tcpdump
> tcp_wrappers
> tcsh
> telnet
> termcap
> tftp
> time
> tpmwatch
> traceroute
> tzdata
> unix2dos
> unzip
> up2date
> usbutils
> usermode
> utempter
> util-linux
> vconfig
> vim-common
> vim-minimal
> vixie-cron
> vsftpd
> wget
> which
> wireless-tools
> words
> wvdial
> xinetd
> yaboot
> yp-tools
> ypbind
> zip
> zlib
> 
> 
> Emily Ratliff
> IBM Linux Technology Center, Security
> CISSP #51839
> 512-838-0409 (T/L 678-0409)
> emilyr at us.ibm.com--
> redhat-lspp mailing list
> redhat-lspp at redhat.com
> https://www.redhat.com/mailman/listinfo/redhat-lspp
> 
> 
> 
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: vixie-cron-mls.patch
Type: application/octet-stream
Size: 32513 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20050630/a6b9a6ab/attachment.obj>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: dev_allocator-0.2-1.src.rpm
Type: application/octet-stream
Size: 18527 bytes
Desc: not available
URL: <http://listman.redhat.com/archives/redhat-lspp/attachments/20050630/a6b9a6ab/attachment-0001.obj>