search

OwlCyberDefense / clip

Certifiable Linux Integration Platform (CLIP)
https://github.com/TresysTechnology/clip/wiki
Other
46 stars 18 forks source link

Investigate list of RPMs installed and remove everything deemed unnecessary in a production build #142

Closed ghost closed 9 years ago

ghost commented 9 years ago 
acl-2.2.51-12.el7.x86_64
aide-0.15.1-8.el7.x86_64
attr-2.4.46-12.el7.x86_64
audit-2.3.3-4.el7.x86_64
audit-libs-2.3.3-4.el7.x86_64
audit-libs-python-2.3.3-4.el7.x86_64
authconfig-6.2.8-8.el7.x86_64
basesystem-10.0-7.el7.noarch
bash-4.2.45-5.el7.x86_64
bind-libs-9.9.4-14.el7.x86_64
bind-libs-lite-9.9.4-14.el7.x86_64
bind-license-9.9.4-14.el7.noarch
bind-utils-9.9.4-14.el7.x86_64
binutils-2.23.52.0.1-16.el7.x86_64
bzip2-1.0.6-12.el7.x86_64
bzip2-libs-1.0.6-12.el7.x86_64
ca-certificates-2013.1.95-71.el7.noarch
checkpolicy-2.1.12-6.el7.x86_64
chkconfig-1.3.61-4.el7.x86_64
chrony-1.29.1-1.el7.x86_64
clip-dracut-module-1-2.x86_64
clip-selinux-policy-7.0-1.x86_64
clip-selinux-policy-clip-7.0-1.x86_64
coreutils-8.22-11.el7.x86_64
cpio-2.11-22.el7.x86_64
cracklib-2.9.0-11.el7.x86_64
cracklib-dicts-2.9.0-11.el7.x86_64
cronie-1.4.11-11.el7.x86_64
cronie-anacron-1.4.11-11.el7.x86_64
crontabs-1.11-6.20121102git.el7.noarch
cryptsetup-libs-1.6.3-2.el7.x86_64
curl-7.29.0-19.el7.x86_64
cyrus-sasl-lib-2.1.26-17.el7.x86_64
dbus-1.6.12-8.el7.x86_64
dbus-glib-0.100-7.el7.x86_64
dbus-libs-1.6.12-8.el7.x86_64
dbus-python-1.1.1-9.el7.x86_64
device-mapper-1.02.84-14.el7.x86_64
device-mapper-event-1.02.84-14.el7.x86_64
device-mapper-event-libs-1.02.84-14.el7.x86_64
device-mapper-libs-1.02.84-14.el7.x86_64
device-mapper-persistent-data-0.3.2-1.el7.x86_64
dhclient-4.2.5-27.el7.x86_64
dhcp-common-4.2.5-27.el7.x86_64
dhcp-libs-4.2.5-27.el7.x86_64
diffutils-3.3-4.el7.x86_64
dracut-033-161.el7.x86_64
dwz-0.11-3.el7.x86_64
e2fsprogs-1.42.9-4.el7.x86_64
e2fsprogs-libs-1.42.9-4.el7.x86_64
ebtables-2.0.10-13.el7.x86_64
efibootmgr-0.5.4-18.el7.x86_64
elfutils-0.158-3.el7.x86_64
elfutils-libelf-0.158-3.el7.x86_64
elfutils-libs-0.158-3.el7.x86_64
emacs-filesystem-24.3-11.el7.noarch
expat-2.1.0-8.el7.x86_64
file-5.11-21.el7.x86_64
file-libs-5.11-21.el7.x86_64
filesystem-3.2-18.el7.x86_64
findutils-4.5.11-3.el7.x86_64
fipscheck-1.4.1-5.el7.x86_64
fipscheck-lib-1.4.1-5.el7.x86_64
firewalld-0.3.9-7.el7.noarch
freetype-2.4.11-9.el7.x86_64
gawk-4.0.2-4.el7.x86_64
gdb-7.6.1-51.el7.x86_64
gdbm-1.10-8.el7.x86_64
gettext-0.18.2.1-4.el7.x86_64
gettext-libs-0.18.2.1-4.el7.x86_64
glib2-2.36.3-5.el7.x86_64
glibc-2.17-55.el7.x86_64
glibc-common-2.17-55.el7.x86_64
gmp-5.1.1-5.el7.x86_64
gnupg2-2.0.22-3.el7.x86_64
gobject-introspection-1.36.0-4.el7.x86_64
gpgme-1.3.2-5.el7.x86_64
grep-2.16-1.el7.x86_64
groff-base-1.22.2-8.el7.x86_64
grub2-2.02-0.2.10.el7.x86_64
grub2-tools-2.02-0.2.10.el7.x86_64
grubby-8.28-8.el7.x86_64
gzip-1.5-7.el7.x86_64
hardlink-1.0-19.el7.x86_64
hostname-3.13-3.el7.x86_64
info-5.1-4.el7.x86_64
initscripts-9.49.17-1.el7.x86_64
iproute-3.10.0-13.el7.x86_64
iptables-1.4.21-13.el7.x86_64
iptables-services-1.4.21-13.el7.x86_64
iputils-20121221-6.el7.x86_64
json-c-0.11-3.el7.x86_64
kbd-1.15.5-10.el7.x86_64
kbd-misc-1.15.5-10.el7.noarch
kernel-3.10.0-123.el7.x86_64
keyutils-libs-1.5.8-3.el7.x86_64
kmod-14-9.el7.x86_64
kmod-libs-14-9.el7.x86_64
kpartx-0.4.9-66.el7.x86_64
krb5-libs-1.11.3-49.el7.x86_64
ldns-1.6.16-7.el7.x86_64
less-458-8.el7.x86_64
libacl-2.2.51-12.el7.x86_64
libassuan-2.1.0-3.el7.x86_64
libattr-2.4.46-12.el7.x86_64
libblkid-2.23.2-16.el7.x86_64
libcap-2.22-8.el7.x86_64
libcap-ng-0.7.3-5.el7.x86_64
libcgroup-0.41-6.el7.x86_64
libcom_err-1.42.9-4.el7.x86_64
libcroco-0.6.8-5.el7.x86_64
libcurl-7.29.0-19.el7.x86_64
libdb-5.3.21-17.el7.x86_64
libdb-utils-5.3.21-17.el7.x86_64
libedit-3.0-12.20121213cvs.el7.x86_64
libestr-0.1.9-2.el7.x86_64
libevent-2.0.21-4.el7.x86_64
libffi-3.0.13-11.el7.x86_64
libgcc-4.8.2-16.el7.x86_64
libgcrypt-1.5.3-4.el7.x86_64
libgomp-4.8.2-16.el7.x86_64
libgpg-error-1.12-3.el7.x86_64
libidn-1.28-3.el7.x86_64
libmnl-1.0.3-7.el7.x86_64
libmount-2.23.2-16.el7.x86_64
libnetfilter_conntrack-1.0.4-2.el7.x86_64
libnfnetlink-1.0.1-4.el7.x86_64
libpcap-1.5.3-3.el7.x86_64
libpipeline-1.2.3-3.el7.x86_64
libpwquality-1.2.3-4.el7.x86_64
libreswan-3.8-5.el7.x86_64
libselinux-2.2.2-6.el7.x86_64
libselinux-python-2.2.2-6.el7.x86_64
libselinux-utils-2.2.2-6.el7.x86_64
libsemanage-2.1.10-16.el7.x86_64
libsemanage-python-2.1.10-16.el7.x86_64
libsepol-2.1.9-3.el7.x86_64
libss-1.42.9-4.el7.x86_64
libssh2-1.4.3-8.el7.x86_64
libstdc++-4.8.2-16.el7.x86_64
libtasn1-3.3-3.el7.x86_64
libunistring-0.9.3-9.el7.x86_64
libuser-0.60-5.el7.x86_64
libutempter-1.1.6-4.el7.x86_64
libuuid-2.23.2-16.el7.x86_64
libverto-0.2.5-4.el7.x86_64
libxml2-2.9.1-5.el7.x86_64
libxslt-1.1.28-5.el7.x86_64
libyaml-0.1.4-10.el7.x86_64
linux-firmware-20140213-0.3.git4164c23.el7.noarch
logrotate-3.8.6-4.el7.x86_64
lua-5.1.4-14.el7.x86_64
lvm2-2.02.105-14.el7.x86_64
lvm2-libs-2.02.105-14.el7.x86_64
m4-1.4.16-9.el7.x86_64
make-3.82-21.el7.x86_64
man-db-2.6.3-9.el7.x86_64
ncurses-5.9-13.20130511.el7.x86_64
ncurses-base-5.9-13.20130511.el7.noarch
ncurses-libs-5.9-13.20130511.el7.x86_64
newt-0.52.15-4.el7.x86_64
newt-python-0.52.15-4.el7.x86_64
nspr-4.10.2-4.el7.x86_64
nss-3.15.4-6.el7.x86_64
nss-softokn-3.15.4-2.el7.x86_64
nss-softokn-freebl-3.15.4-2.el7.x86_64
nss-sysinit-3.15.4-6.el7.x86_64
nss-tools-3.15.4-6.el7.x86_64
nss-util-3.15.4-2.el7.x86_64
openldap-2.4.39-3.el7.x86_64
openscap-1.2.1-1.el7.x86_64
openscap-scanner-1.2.1-1.el7.x86_64
openscap-utils-1.2.1-1.el7.x86_64
openssh-6.4p1-8.el7.x86_64
openssh-server-6.4p1-8.el7.x86_64
openssl-1.0.1e-34.el7.x86_64
openssl-libs-1.0.1e-34.el7.x86_64
os-prober-1.58-5.el7.x86_64
p11-kit-0.18.7-4.el7.x86_64
p11-kit-trust-0.18.7-4.el7.x86_64
pam-1.1.8-9.el7.x86_64
passwd-0.79-4.el7.x86_64
patch-2.7.1-8.el7.x86_64
pciutils-libs-3.2.1-4.el7.x86_64
pcre-8.32-12.el7.x86_64
perl-5.16.3-283.el7.x86_64
perl-Carp-1.26-244.el7.noarch
perl-constant-1.27-2.el7.noarch
perl-Encode-2.51-7.el7.x86_64
perl-Exporter-5.68-3.el7.noarch
perl-File-Path-2.09-2.el7.noarch
perl-File-Temp-0.23.01-3.el7.noarch
perl-Filter-1.49-3.el7.x86_64
perl-Getopt-Long-2.40-2.el7.noarch
perl-HTTP-Tiny-0.033-3.el7.noarch
perl-libs-5.16.3-283.el7.x86_64
perl-macros-5.16.3-283.el7.x86_64
perl-parent-0.225-244.el7.noarch
perl-PathTools-3.40-5.el7.x86_64
perl-Pod-Escapes-1.04-283.el7.noarch
perl-podlators-2.5.1-3.el7.noarch
perl-Pod-Perldoc-3.20-4.el7.noarch
perl-Pod-Simple-3.28-4.el7.noarch
perl-Pod-Usage-1.63-3.el7.noarch
perl-Scalar-List-Utils-1.27-248.el7.x86_64
perl-Socket-2.010-3.el7.x86_64
perl-srpm-macros-1-8.el7.noarch
perl-Storable-2.45-3.el7.x86_64
perl-Text-ParseWords-3.29-4.el7.noarch
perl-Thread-Queue-3.02-2.el7.noarch
perl-threads-1.87-4.el7.x86_64
perl-threads-shared-1.43-6.el7.x86_64
perl-Time-Local-1.2300-2.el7.noarch
pinentry-0.8.1-14.el7.x86_64
pkgconfig-0.27.1-4.el7.x86_64
policycoreutils-2.2.5-11.el7.x86_64
policycoreutils-newrole-2.2.5-11.el7.x86_64
policycoreutils-python-2.2.5-11.el7.x86_64
popt-1.13-16.el7.x86_64
procps-ng-3.3.9-6.el7.x86_64
pth-2.0.7-22.el7.x86_64
pygobject3-base-3.8.2-4.el7.x86_64
pygpgme-0.3-9.el7.x86_64
pyliblzma-0.5.3-11.el7.x86_64
python-2.7.5-16.el7.x86_64
python-decorator-3.4.0-3.el7.noarch
python-iniparse-0.4-9.el7.noarch
python-IPy-0.75-6.el7.noarch
python-libs-2.7.5-16.el7.x86_64
python-pycurl-7.19.0-17.el7.x86_64
python-slip-0.4.0-2.el7.noarch
python-slip-dbus-0.4.0-2.el7.noarch
python-urlgrabber-3.10-4.el7.noarch
pyxattr-0.5.1-5.el7.x86_64
qrencode-libs-3.4.1-3.el7.x86_64
readline-6.2-9.el7.x86_64
redhat-logos-70.0.3-4.el7.noarch
redhat-release-server-7.0-1.el7.x86_64
redhat-rpm-config-9.1.0-63.el7.noarch
rootfiles-8.1-11.el7.noarch
rpm-4.11.1-16.el7.x86_64
rpm-build-4.11.1-16.el7.x86_64
rpm-build-libs-4.11.1-16.el7.x86_64
rpmdevtools-8.3-5.el7.noarch
rpm-libs-4.11.1-16.el7.x86_64
rpm-python-4.11.1-16.el7.x86_64
rsync-3.0.9-15.el7.x86_64
rsyslog-7.4.7-6.el7.x86_64
ruby-2.0.0.353-20.el7.x86_64
rubygem-bigdecimal-1.2.0-20.el7.x86_64
rubygem-io-console-0.4.2-20.el7.x86_64
rubygem-json-1.7.7-20.el7.x86_64
rubygem-psych-2.0.0-20.el7.x86_64
rubygem-rdoc-4.0.0-20.el7.noarch
rubygems-2.0.14-20.el7.noarch
ruby-irb-2.0.0.353-20.el7.noarch
ruby-libs-2.0.0.353-20.el7.x86_64
scap-security-guide-0.1.20-1.el7.x86_64
sed-4.2.2-5.el7.x86_64
setools-console-3.3.7-46.el7.x86_64
setools-libs-3.3.7-46.el7.x86_64
setup-2.8.71-4.el7.noarch
shadow-utils-4.1.5.1-13.el7.x86_64
shared-mime-info-1.1-7.el7.x86_64
slang-2.2.4-11.el7.x86_64
sqlite-3.7.17-4.el7.x86_64
sudo-1.8.6p7-11.el7.x86_64
systemd-208-11.el7.x86_64
systemd-libs-208-11.el7.x86_64
systemd-sysv-208-11.el7.x86_64
sysvinit-tools-2.88-14.dsf.el7.x86_64
tar-1.26-29.el7.x86_64
tcp_wrappers-libs-7.6-77.el7.x86_64
tzdata-2014b-1.el7.noarch
unbound-libs-1.4.20-19.el7.x86_64
unzip-6.0-13.el7.x86_64
ustr-1.0.4-16.el7.x86_64
util-linux-2.23.2-16.el7.x86_64
vim-minimal-7.4.160-1.el7.x86_64
which-2.20-7.el7.x86_64
xml-common-0.6.3-39.el7.noarch
xz-5.1.2-8alpha.el7.x86_64
xz-libs-5.1.2-8alpha.el7.x86_64
yum-3.4.3-118.el7.noarch
yum-metadata-parser-1.1.4-10.el7.x86_64
zip-3.0-10.el7.x86_64
zlib-1.2.7-13.el7.x86_64
ghost commented 9 years ago

From what I can tell, we should remove sudo dhcp* and maybe openssl (might cause problems generating certificates...)

ghost commented 9 years ago

I would like to leave this up to integrators so we don't remove something that is critical for others. @pebenito