From de848cb76a1d336bf4b8f46da490fc8b8d14a66e Mon Sep 17 00:00:00 2001
From: Topi Miettinen <toiwoton@gmail.com>
Date: Fri, 10 Apr 2020 12:54:48 +0300
Subject: Check for registered non-native binary formats

Examine /proc/sys/fs/binfmt_misc (Linux) for additional registered
binary formats. Those are probably emulated and their emulation could
be less tested, more buggy and more vulnerable than native binary
formats, so they should be disabled when not needed.

Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
---
 db/tests.db | 1 +
 1 file changed, 1 insertion(+)

(limited to 'db')

diff --git a/db/tests.db b/db/tests.db
index 62857946..38dc6a1e 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -168,6 +168,7 @@ HOME-9350:test:security:homedirs::Collecting information from home directories:
 HRDN-7220:test:security:hardening::Check if one or more compilers are installed:
 HRDN-7222:test:security:hardening::Check compiler permissions:
 HRDN-7230:test:security:hardening::Check for malware scanner:
+HRDN-7231:test:security:hardening:Linux:Check for registered non-native binary formats:
 HTTP-6622:test:security:webservers::Checking Apache presence:
 HTTP-6624:test:security:webservers::Testing main Apache configuration file:
 HTTP-6626:test:security:webservers::Testing other Apache configuration file:
-- 
cgit v1.2.3