wiki/index.html


<!doctype html>
<html lang="en" class="no-js">
<head>
<meta charset="utf-8">
<meta name="viewport" content="width=device-width,initial-scale=1">
<meta name="description" content="The wiki for the Rocky Linux Security Special Interest Group">
<link rel="canonical" href="https://sig-security.rocky.page/">
<link rel="next" href="news/">
<link rel="icon" href="assets/images/favicon.png">
<meta name="generator" content="mkdocs-1.6.1, mkdocs-material-9.5.46">
<title>SIG/Security Wiki</title>
<link rel="stylesheet" href="assets/stylesheets/main.6f8fc17f.min.css">
<link rel="stylesheet" href="assets/stylesheets/palette.06af60db.min.css">
<link rel="preconnect" href="https://fonts.gstatic.com" crossorigin>
<link rel="stylesheet" href="https://fonts.googleapis.com/css?family=Roboto:300,300i,400,400i,700,700i%7CRoboto+Mono:400,400i,700,700i&display=fallback">
<style>:root{--md-text-font:"Roboto";--md-code-font:"Roboto Mono"}</style>
<script>__md_scope=new URL(".",location),__md_hash=e=>[...e].reduce(((e,_)=>(e<<5)-e+_.charCodeAt(0)),0),__md_get=(e,_=localStorage,t=__md_scope)=>JSON.parse(_.getItem(t.pathname+"."+e)),__md_set=(e,_,t=localStorage,a=__md_scope)=>{try{t.setItem(a.pathname+"."+e,JSON.stringify(_))}catch(e){}}</script>
</head>
<body dir="ltr" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="teal">
<input class="md-toggle" data-md-toggle="drawer" type="checkbox" id="__drawer" autocomplete="off">
<input class="md-toggle" data-md-toggle="search" type="checkbox" id="__search" autocomplete="off">
<label class="md-overlay" for="__drawer"></label>
<div data-md-component="skip">
<a href="#sigsecurity-wiki" class="md-skip">
Skip to content
</a>
</div>
<div data-md-component="announce">
</div>
<header class="md-header md-header--shadow" data-md-component="header">
<nav class="md-header__inner md-grid" aria-label="Header">
<a href="." title="SIG/Security Wiki" class="md-header__button md-logo" aria-label="SIG/Security Wiki" data-md-component="logo">
<img src="assets/icon-white.svg" alt="logo">
</a>
<label class="md-header__button md-icon" for="__drawer">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M3 6h18v2H3zm0 5h18v2H3zm0 5h18v2H3z"/></svg>
</label>
<div class="md-header__title" data-md-component="header-title">
<div class="md-header__ellipsis">
<div class="md-header__topic">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
</div>
<div class="md-header__topic" data-md-component="header-topic">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
</div>
</div>
</div>
<form class="md-header__option" data-md-component="palette">
<input class="md-option" data-md-color-media="(prefers-color-scheme: light)" data-md-color-scheme="default" data-md-color-primary="teal" data-md-color-accent="teal" aria-label="Switch to dark mode" type="radio" name="__palette" id="__palette_0">
<label class="md-header__button md-icon" title="Switch to dark mode" for="__palette_1" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="m17.75 4.09-2.53 1.94.91 3.06-2.63-1.81-2.63 1.81.91-3.06-2.53-1.94L12.44 4l1.06-3 1.06 3zm3.5 6.91-1.64 1.25.59 1.98-1.7-1.17-1.7 1.17.59-1.98L15.75 11l2.06-.05L18.5 9l.69 1.95zm-2.28 4.95c.83-.08 1.72 1.1 1.19 1.85-.32.45-.66.87-1.08 1.27C15.17 23 8.84 23 4.94 19.07c-3.91-3.9-3.91-10.24 0-14.14.4-.4.82-.76 1.27-1.08.75-.53 1.93.36 1.85 1.19-.27 2.86.69 5.83 2.89 8.02a9.96 9.96 0 0 0 8.02 2.89m-1.64 2.02a12.08 12.08 0 0 1-7.8-3.47c-2.17-2.19-3.33-5-3.49-7.82-2.81 3.14-2.7 7.96.31 10.98 3.02 3.01 7.84 3.12 10.98.31"/></svg>
</label>
<input class="md-option" data-md-color-media="(prefers-color-scheme: dark)" data-md-color-scheme="slate" data-md-color-primary="teal" data-md-color-accent="teal" aria-label="Switch to light mode" type="radio" name="__palette" id="__palette_1">
<label class="md-header__button md-icon" title="Switch to light mode" for="__palette_0" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M12 7a5 5 0 0 1 5 5 5 5 0 0 1-5 5 5 5 0 0 1-5-5 5 5 0 0 1 5-5m0 2a3 3 0 0 0-3 3 3 3 0 0 0 3 3 3 3 0 0 0 3-3 3 3 0 0 0-3-3m0-7 2.39 3.42C13.65 5.15 12.84 5 12 5s-1.65.15-2.39.42zM3.34 7l4.16-.35A7.2 7.2 0 0 0 5.94 8.5c-.44.74-.69 1.5-.83 2.29zm.02 10 1.76-3.77a7.131 7.131 0 0 0 2.38 4.14zM20.65 7l-1.77 3.79a7.02 7.02 0 0 0-2.38-4.15zm-.01 10-4.14.36c.59-.51 1.12-1.14 1.54-1.86.42-.73.69-1.5.83-2.29zM12 22l-2.41-3.44c.74.27 1.55.44 2.41.44.82 0 1.63-.17 2.37-.44z"/></svg>
</label>
</form>
<script>var palette=__md_get("__palette");if(palette&&palette.color){if("(prefers-color-scheme)"===palette.color.media){var media=matchMedia("(prefers-color-scheme: light)"),input=document.querySelector(media.matches?"[data-md-color-media='(prefers-color-scheme: light)']":"[data-md-color-media='(prefers-color-scheme: dark)']");palette.color.media=input.getAttribute("data-md-color-media"),palette.color.scheme=input.getAttribute("data-md-color-scheme"),palette.color.primary=input.getAttribute("data-md-color-primary"),palette.color.accent=input.getAttribute("data-md-color-accent")}for(var[key,value]of Object.entries(palette.color))document.body.setAttribute("data-md-color-"+key,value)}</script>
<label class="md-header__button md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
</label>
<div class="md-search" data-md-component="search" role="dialog">
<label class="md-search__overlay" for="__search"></label>
<div class="md-search__inner" role="search">
<form class="md-search__form" name="search">
<input type="text" class="md-search__input" name="query" aria-label="Search" placeholder="Search" autocapitalize="off" autocorrect="off" autocomplete="off" spellcheck="false" data-md-component="search-query" required>
<label class="md-search__icon md-icon" for="__search">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M9.5 3A6.5 6.5 0 0 1 16 9.5c0 1.61-.59 3.09-1.56 4.23l.27.27h.79l5 5-1.5 1.5-5-5v-.79l-.27-.27A6.52 6.52 0 0 1 9.5 16 6.5 6.5 0 0 1 3 9.5 6.5 6.5 0 0 1 9.5 3m0 2C7 5 5 7 5 9.5S7 14 9.5 14 14 12 14 9.5 12 5 9.5 5"/></svg>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M20 11v2H8l5.5 5.5-1.42 1.42L4.16 12l7.92-7.92L13.5 5.5 8 11z"/></svg>
</label>
<nav class="md-search__options" aria-label="Search">
<button type="reset" class="md-search__icon md-icon" title="Clear" aria-label="Clear" tabindex="-1">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M19 6.41 17.59 5 12 10.59 6.41 5 5 6.41 10.59 12 5 17.59 6.41 19 12 13.41 17.59 19 19 17.59 13.41 12z"/></svg>
</button>
</nav>
<div class="md-search__suggest" data-md-component="search-suggest"></div>
</form>
<div class="md-search__output">
<div class="md-search__scrollwrap" tabindex="0" data-md-scrollfix>
<div class="md-search-result" data-md-component="search-result">
<div class="md-search-result__meta">
Initializing search
</div>
<ol class="md-search-result__list" role="presentation"></ol>
</div>
</div>
</div>
</div>
</div>
<div class="md-header__source">
<a href="https://git.resf.org/security/wiki" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
security/wiki
</div>
</a>
</div>
</nav>
</header>
<div class="md-container" data-md-component="container">
<main class="md-main" data-md-component="main">
<div class="md-main__inner md-grid">
<div class="md-sidebar md-sidebar--primary" data-md-component="sidebar" data-md-type="navigation" >
<div class="md-sidebar__scrollwrap">
<div class="md-sidebar__inner">
<nav class="md-nav md-nav--primary md-nav--integrated" aria-label="Navigation" data-md-level="0">
<label class="md-nav__title" for="__drawer">
<a href="." title="SIG/Security Wiki" class="md-nav__button md-logo" aria-label="SIG/Security Wiki" data-md-component="logo">
<img src="assets/icon-white.svg" alt="logo">
</a>
SIG/Security Wiki
</label>
<div class="md-nav__source">
<a href="https://git.resf.org/security/wiki" title="Go to repository" class="md-source" data-md-component="source">
<div class="md-source__icon md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 448 512"><!--! Font Awesome Free 6.7.1 by @fontawesome - https://fontawesome.com License - https://fontawesome.com/license/free (Icons: CC BY 4.0, Fonts: SIL OFL 1.1, Code: MIT License) Copyright 2024 Fonticons, Inc.--><path d="M439.55 236.05 244 40.45a28.87 28.87 0 0 0-40.81 0l-40.66 40.63 51.52 51.52c27.06-9.14 52.68 16.77 43.39 43.68l49.66 49.66c34.23-11.8 61.18 31 35.47 56.69-26.49 26.49-70.21-2.87-56-37.34L240.22 199v121.85c25.3 12.54 22.26 41.85 9.08 55a34.34 34.34 0 0 1-48.55 0c-17.57-17.6-11.07-46.91 11.25-56v-123c-20.8-8.51-24.6-30.74-18.64-45L142.57 101 8.45 235.14a28.86 28.86 0 0 0 0 40.81l195.61 195.6a28.86 28.86 0 0 0 40.8 0l194.69-194.69a28.86 28.86 0 0 0 0-40.81"/></svg>
</div>
<div class="md-source__repository">
security/wiki
</div>
</a>
</div>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item md-nav__item--active">
<input class="md-nav__toggle md-toggle" type="checkbox" id="__toc">
<label class="md-nav__link md-nav__link--active" for="__toc">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<a href="." class="md-nav__link md-nav__link--active">
<span class="md-ellipsis">
SIG/Security Wiki
</span>
</a>
<nav class="md-nav md-nav--secondary" aria-label="Table of contents">
<label class="md-nav__title" for="__toc">
<span class="md-nav__icon md-icon"></span>
Table of contents
</label>
<ul class="md-nav__list" data-md-component="toc" data-md-scrollfix>
<li class="md-nav__item">
<a href="#responsibilities" class="md-nav__link">
<span class="md-ellipsis">
Responsibilities
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#repo-installation" class="md-nav__link">
<span class="md-ellipsis">
Repo Installation
</span>
</a>
<nav class="md-nav" aria-label="Repo Installation">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#on-rocky-linux" class="md-nav__link">
<span class="md-ellipsis">
On Rocky Linux
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#on-another-compatible-el-distro" class="md-nav__link">
<span class="md-ellipsis">
On another compatible EL distro
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#note" class="md-nav__link">
<span class="md-ellipsis">
Note
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#packages" class="md-nav__link">
<span class="md-ellipsis">
Packages
</span>
</a>
<nav class="md-nav" aria-label="Packages">
<ul class="md-nav__list">
<li class="md-nav__item">
<a href="#extra-packages-for-el8-and-el9" class="md-nav__link">
<span class="md-ellipsis">
Extra packages (for EL8 and EL9)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#extra-packages-currently-only-for-el9" class="md-nav__link">
<span class="md-ellipsis">
Extra packages (currently only for EL9)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#override-packages-for-el8-and-el9" class="md-nav__link">
<span class="md-ellipsis">
Override packages (for EL8 and EL9)
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#override-packages-currently-only-for-el9" class="md-nav__link">
<span class="md-ellipsis">
Override packages (currently only for EL9)
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="#source-code" class="md-nav__link">
<span class="md-ellipsis">
Source code
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#contributing" class="md-nav__link">
<span class="md-ellipsis">
Contributing
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#meetings-communications" class="md-nav__link">
<span class="md-ellipsis">
Meetings / Communications
</span>
</a>
</li>
<li class="md-nav__item">
<a href="#members" class="md-nav__link">
<span class="md-ellipsis">
Members
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item">
<a href="news/" class="md-nav__link">
<span class="md-ellipsis">
News
</span>
</a>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_3" >
<label class="md-nav__link" for="__nav_3" id="__nav_3_label" tabindex="">
<span class="md-ellipsis">
Issues
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_3_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_3">
<span class="md-nav__icon md-icon"></span>
Issues
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="issues/CVE-2023-23583/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2023-23583: microcode_ctl
</span>
</a>
</li>
<li class="md-nav__item">
<a href="issues/CVE-2023-4911/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2023-4911: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="issues/CVE-2024-1086/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-1086: kernel
</span>
</a>
</li>
<li class="md-nav__item">
<a href="issues/CVE-2024-2961/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-2961: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="issues/CVE-2024-6387/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6387: openssh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="issues/CVE-2024-6409/" class="md-nav__link">
<span class="md-ellipsis">
CVE-2024-6409: openssh
</span>
</a>
</li>
</ul>
</nav>
</li>
<li class="md-nav__item md-nav__item--section md-nav__item--nested">
<input class="md-nav__toggle md-toggle md-toggle--indeterminate" type="checkbox" id="__nav_4" >
<label class="md-nav__link" for="__nav_4" id="__nav_4_label" tabindex="">
<span class="md-ellipsis">
Packages
</span>
<span class="md-nav__icon md-icon"></span>
</label>
<nav class="md-nav" data-md-level="1" aria-labelledby="__nav_4_label" aria-expanded="false">
<label class="md-nav__title" for="__nav_4">
<span class="md-nav__icon md-icon"></span>
Packages
</label>
<ul class="md-nav__list" data-md-scrollfix>
<li class="md-nav__item">
<a href="packages/control/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: control
</span>
</a>
</li>
<li class="md-nav__item">
<a href="packages/glibc/" class="md-nav__link">
<span class="md-ellipsis">
Override package: glibc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="packages/hardened_malloc/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: hardened_malloc
</span>
</a>
</li>
<li class="md-nav__item">
<a href="packages/lkrg/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: lkrg
</span>
</a>
</li>
<li class="md-nav__item">
<a href="packages/microcode_ctl/" class="md-nav__link">
<span class="md-ellipsis">
Override package: microcode_ctl
</span>
</a>
</li>
<li class="md-nav__item">
<a href="packages/openssh/" class="md-nav__link">
<span class="md-ellipsis">
Override package: openssh
</span>
</a>
</li>
<li class="md-nav__item">
<a href="packages/passwdqc/" class="md-nav__link">
<span class="md-ellipsis">
Extra package: passwdqc
</span>
</a>
</li>
</ul>
</nav>
</li>
</ul>
</nav>
</div>
</div>
</div>
<div class="md-content" data-md-component="content">
<article class="md-content__inner md-typeset">
<a href="https://git.resf.org/security/wiki/_edit/main/docs/index.md" title="Edit this page" class="md-content__button md-icon">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M10 20H6V4h7v5h5v3.1l2-2V8l-6-6H6c-1.1 0-2 .9-2 2v16c0 1.1.9 2 2 2h4zm10.2-7c.1 0 .3.1.4.2l1.3 1.3c.2.2.2.6 0 .8l-1 1-2.1-2.1 1-1c.1-.1.2-.2.4-.2m0 3.9L14.1 23H12v-2.1l6.1-6.1z"/></svg>
</a>
<h1 id="sigsecurity-wiki">SIG/Security Wiki<a class="headerlink" href="#sigsecurity-wiki" title="Permanent link">&para;</a></h1>
<p>The Security SIG repositories provide extra security-related packages and security-hardened override packages (replacing those from the main distribution) for Rocky Linux and other Enterprise Linux (EL) distributions.</p>
<p>If you've been to this wiki before, you'll likely want to check out <a href="news">what's new</a>.</p>
<h2 id="responsibilities">Responsibilities<a class="headerlink" href="#responsibilities" title="Permanent link">&para;</a></h2>
<p>Developing and maintaining various security-related packages that are not in upstream EL. Identifying, developing, and maintaining security hardening changes relative to upstream EL packages. Occasionally including/backporting additional security fixes that are not yet in upstream EL packages. Contributing to the respective upstreams where practical.</p>
<h2 id="repo-installation">Repo Installation<a class="headerlink" href="#repo-installation" title="Permanent link">&para;</a></h2>
<h3 id="on-rocky-linux">On Rocky Linux<a class="headerlink" href="#on-rocky-linux" title="Permanent link">&para;</a></h3>
<div class="highlight"><pre><span></span><code>dnf install rocky-release-security
</code></pre></div>
<h3 id="on-another-compatible-el-distro">On another compatible EL distro<a class="headerlink" href="#on-another-compatible-el-distro" title="Permanent link">&para;</a></h3>
<p>Download the release package containing our repository configuration file and package signing public key. Use the version that corresponds to the major version of your EL distro.</p>
<ul>
<li><a href="https://download.rockylinux.org/pub/rocky/9/extras/x86_64/os/Packages/r/rocky-release-security-9-4.el9.noarch.rpm">rocky-release-security-9</a></li>
<li><a href="https://download.rockylinux.org/pub/rocky/8/extras/x86_64/os/Packages/r/rocky-release-security-8-3.el8.noarch.rpm">rocky-release-security-8</a></li>
</ul>
<p>Before installing the downloaded package file, verify its SHA-256 digest with <code>sha256sum</code> and compare the output against the values below. The currently expected digests are:</p>
<div class="highlight"><pre><span></span><code>4a728939103ed54518aefa3a7729921df48a2ec8dc24138b91f3bcd400afacb0 rocky-release-security-9-4.el9.noarch.rpm
8dc7912f0ab55dff4cb2b1dc9262c22aa89d911cdb680d33213737597d865006 rocky-release-security-8-3.el8.noarch.rpm
</code></pre></div>
<p>This isn't as secure as checking the package signature would be <em>if</em> you previously had our package signing public key, but on another distro you probably don't have that yet. Checking the digest against the copy published on this separate website is therefore a best-effort measure: it detects a corrupted or replaced download only as long as the download server and this website have not both been tampered with.</p>
<h3 id="note">Note<a class="headerlink" href="#note" title="Permanent link">&para;</a></h3>
<p>Whether you install on Rocky Linux or on another EL distribution, the <code>security-common</code> repository for EL9 is disabled by default out of an abundance of caution, because it contains packages that override the base Rocky Linux packages.</p>
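<p>In order to receive packages from the SIG, either enable the repository permanently (<code>dnf config-manager --enable security-common</code>), or enable it for a single DNF transaction with <code>dnf --enablerepo=security-common install &lt;package&gt;</code>. With the repository enabled permanently, the override packages it contains become available to replace the corresponding base packages.</p>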
<h2 id="packages">Packages<a class="headerlink" href="#packages" title="Permanent link">&para;</a></h2>
<h3 id="extra-packages-for-el8-and-el9">Extra packages (for EL8 and EL9)<a class="headerlink" href="#extra-packages-for-el8-and-el9" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="packages/lkrg/">lkrg</a> (Linux Kernel Runtime Guard)</li>
<li><a href="packages/passwdqc/">passwdqc</a> (password/passphrase strength checking and policy enforcement)</li>
</ul>
<h3 id="extra-packages-currently-only-for-el9">Extra packages (currently only for EL9)<a class="headerlink" href="#extra-packages-currently-only-for-el9" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="packages/control/">control</a> (a common interface to register and control security-relevant system facilities)</li>
<li><a href="packages/hardened_malloc/">hardened_malloc</a> (security-focused memory allocator providing the malloc API, and a script to preload it into existing program binaries)</li>
</ul>
<h3 id="override-packages-for-el8-and-el9">Override packages (for EL8 and EL9)<a class="headerlink" href="#override-packages-for-el8-and-el9" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="packages/microcode_ctl/">microcode_ctl</a> (updates Intel CPU microcode to fix <a href="issues/CVE-2023-23583/">CVE-2023-23583</a>)</li>
</ul>
<h3 id="override-packages-currently-only-for-el9">Override packages (currently only for EL9)<a class="headerlink" href="#override-packages-currently-only-for-el9" title="Permanent link">&para;</a></h3>
<ul>
<li><a href="packages/glibc/">glibc</a> (adds many security-hardening changes originating from Owl and ALT Linux on top of EL package)</li>
<li><a href="packages/openssh/">openssh</a> (fewer shared libraries exposed in sshd processes while otherwise fully matching EL package's functionality)</li>
</ul>
<p>The changes are described in more detail on the per-package wiki pages linked above, as well as in the package changelogs.
More packages/changes are planned, including override packages also for EL8.</p>
<h2 id="source-code">Source code<a class="headerlink" href="#source-code" title="Permanent link">&para;</a></h2>
<p>Just like for other Rocky Linux SIGs, the source trees for Security SIG packages are maintained in <a href="https://git.rockylinux.org/sig/security/src">per-package git repositories</a>. Each repository contains branches <code>r8</code> and/or <code>r9</code> corresponding to the target EL version.</p>
<h2 id="contributing">Contributing<a class="headerlink" href="#contributing" title="Permanent link">&para;</a></h2>
<p>If anyone else wants to join this effort - in any capacity including development, maintenance, testing, documentation, user support, spreading the word, or something else - please join the Mattermost channel below and let us know!</p>
<p>We also welcome well-reasoned suggestions/feedback/preferences on the direction we should take (e.g., only making changes on top of EL's vs. offering newer upstream versions), what else to package, and what other changes to include.</p>
<h2 id="meetings-communications">Meetings / Communications<a class="headerlink" href="#meetings-communications" title="Permanent link">&para;</a></h2>
<p>We hang out in our <a href="https://chat.rockylinux.org/rocky-linux/channels/security">Security Mattermost channel</a>.</p>
<h2 id="members">Members<a class="headerlink" href="#members" title="Permanent link">&para;</a></h2>
<p>Some of the people active in setting up this SIG so far:</p>
<table>
<thead>
<tr>
<th>Name</th>
<th>Mattermost Name</th>
</tr>
</thead>
<tbody>
<tr>
<td></td>
<td>@flawedworld</td>
</tr>
<tr>
<td>Fredrik Nyström</td>
<td>@nscfreny</td>
</tr>
<tr>
<td>Louis Abel</td>
<td>@label</td>
</tr>
<tr>
<td>Mustafa</td>
<td>@mustafa</td>
</tr>
<tr>
<td>Neil Hanlon</td>
<td>@neil</td>
</tr>
<tr>
<td>Scott Shinn</td>
<td>@atomicturtle</td>
</tr>
<tr>
<td>Solar Designer</td>
<td>@solardiz</td>
</tr>
</tbody>
</table>
<aside class="md-source-file">
<span class="md-source-file__fact">
<span class="md-icon" title="Last update">
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M21 13.1c-.1 0-.3.1-.4.2l-1 1 2.1 2.1 1-1c.2-.2.2-.6 0-.8l-1.3-1.3c-.1-.1-.2-.2-.4-.2m-1.9 1.8-6.1 6V23h2.1l6.1-6.1zM12.5 7v5.2l4 2.4-1 1L11 13V7zM11 21.9c-5.1-.5-9-4.8-9-9.9C2 6.5 6.5 2 12 2c5.3 0 9.6 4.1 10 9.3-.3-.1-.6-.2-1-.2s-.7.1-1 .2C19.6 7.2 16.2 4 12 4c-4.4 0-8 3.6-8 8 0 4.1 3.1 7.5 7.1 7.9l-.1.2z"/></svg>
</span>
<span class="git-revision-date-localized-plugin git-revision-date-localized-plugin-date">July 8, 2024</span>
</span>
</aside>
</article>
</div>
<script>var target=document.getElementById(location.hash.slice(1));target&&target.name&&(target.checked=target.name.startsWith("__tabbed_"))</script>
</div>
<button type="button" class="md-top md-icon" data-md-component="top" hidden>
<svg xmlns="http://www.w3.org/2000/svg" viewBox="0 0 24 24"><path d="M13 20h-2V8l-5.5 5.5-1.42-1.42L12 4.16l7.92 7.92-1.42 1.42L13 8z"/></svg>
Back to top
</button>
</main>
<footer class="md-footer">
<div class="md-footer-meta md-typeset">
<div class="md-footer-meta__inner md-grid">
<div class="md-copyright">
<div class="md-copyright__highlight">
Copyright &copy; 2023 Rocky Enterprise Software Foundation
</div>
Made with
<a href="https://squidfunk.github.io/mkdocs-material/" target="_blank" rel="noopener">
Material for MkDocs
</a>
</div>
</div>
</div>
</footer>
</div>
<div class="md-dialog" data-md-component="dialog">
<div class="md-dialog__inner md-typeset"></div>
</div>
<script id="__config" type="application/json">{"base": ".", "features": ["navigation.expand", "navigation.indexes", "navigation.instant", "navigation.sections", "navigation.top", "navigation.tracking", "navigation.path", "search.highlight", "search.suggest", "toc.integrate", "content.action.edit"], "search": "assets/javascripts/workers/search.6ce7567c.min.js", "translations": {"clipboard.copied": "Copied to clipboard", "clipboard.copy": "Copy to clipboard", "search.result.more.one": "1 more on this page", "search.result.more.other": "# more on this page", "search.result.none": "No matching documents", "search.result.one": "1 matching document", "search.result.other": "# matching documents", "search.result.placeholder": "Type to start searching", "search.result.term.missing": "Missing", "select.version": "Select version"}}</script>
<script src="assets/javascripts/bundle.83f73b43.min.js"></script>
</body>
</html>