Created attachment 183757 [details] hardening-check.shar Hardening-check is a perl script to verify that the resulting binary does, in fact, have hardening features enabled, you can use it to test each ELF binary and the output will show if the binary has position independent executable, stack protected, fortify source functions(not supported on FreeBSD now), read only relocations or immediate binding supported. WWW: https://wiki.debian.org/Hardening QA: portlint -AC WARN: Makefile: [16]: possible direct use of command "perl" found. use ${PERL} instead. WARN: Makefile: using hyphen in PORTNAME. consider using PKGNAMEPREFIX and/or PKGNAMESUFFIX. 0 fatal errors and 2 warnings found. poudriere testport pass on 11.0R-amd64
A commit references this bug: Author: pi Date: Wed Jul 5 18:02:03 UTC 2017 New revision: 445088 URL: https://svnweb.freebsd.org/changeset/ports/445088 Log: New port: security/hardening-check Check binaries for security hardening features Hardening-check is a perl script to verify that the resulting binary does, in fact, have hardening features enabled, you can use it to test each ELF binary and the output will show if the binary has position independent executable, stack protected, fortify source functions(not supported on FreeBSD now), read only relocations or immediate binding supported. WWW: https://wiki.debian.org/Hardening PR: 220245 Submitted by: amutu@amutu.com Changes: head/security/Makefile head/security/hardening-check/ head/security/hardening-check/Makefile head/security/hardening-check/distinfo head/security/hardening-check/pkg-descr
Committed, thanks!