Cheat Sheets

Security - No compiler

Description

Production systems, especially frontends should have no compiler to prevent overly easy privilege escalation.

Tags

  • SV-32956r2_rule

Solution

apt-get purge c-compiler

Check Script: security-no-compiler.sh

if [ -f /usr/bin/cc ]; then
	result_failed "Compiler found: /usr/bin/cc"
else
	result_ok
fi