Re: audit-packages like program for FreeBSD?

From: Jeff Palmer (scorpio@drkshdw.org)
Date: 07/30/02


Date: Mon, 29 Jul 2002 21:21:16 -0400
To: Hendrik Scholz <hscholz@raisdorf.net>, freebsd-security@freebsd.org
From: Jeff Palmer <scorpio@drkshdw.org>

pkg_version -c works for me
If all your ports are updated as needed, security issues are fixed as the
portstree is updated ;-)

Jeff Palmer
scorpio@drkshdw.org

At 10:05 AM 7/30/02 +1000, Hendrik Scholz wrote:
>Hi!
>
>While using NetBSD I discovered the audit-packages package.
>Basically it consists of a script and a text file.
>The text file contains information about packages/ports that are
>vulnerable to any kind of remote/local/dos attack.
>The script can be run by the daily cron job and then checks if one of the
>installed packages is mentioned in the list of vulnerable packages.
>If so it reports package name, version, type of bug and a URL to an
>advisory as part of the cron report.
>The text-file can be updated with ftp/wget/...
>
>As I've been thinking about this I just want to know if someone is
>interested in this for FreeBSD?
>
>Writing the script itself should be no problem for me but maintaining the
>vulnerability database could become difficult as the number of ports grows.
>A script that crawls through the ports cvs tree and checks for ports
>marked forbidden since the last run would be a good start but for
>unmaintained ports bugtraq/vuln-watch/... has to be read.
>Any ideas how to get more input?
>
>Which language to use?
>Perl would do fine for this job but as Perl isn't in the base system
>anymore a shell script or C program would be better if it should be
>possible to run this as part of the daily cron job.
>If I start with this what language should I use?
>
>Thanks for all comments, Hendrik
>
>P.S. I won't be able to answer all questions immediately as I'm on vacation :)
>
>--
>Hendrik Scholz - <hscholz@raisdorf.net> - http://raisdorf.net/
>
>drag me, drop me - treat me like an object
>
>To Unsubscribe: send mail to majordomo@FreeBSD.org
>with "unsubscribe freebsd-security" in the body of the message

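
The check described in the quoted message (a text file of vulnerable packages matched against the list of installed packages), as an added example that is not part of the original thread and is not the NetBSD audit-packages script. The tab-separated list format, the function names and the sample data are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example, not the NetBSD audit-packages script.
# Vulnerability list (format constructed here): name<TAB>first-fixed-version<TAB>type<TAB>url
# Installed list: one "name-version" per line. Versions compare numerically per
# dotted component; suffixes such as "p1" are ignored (a simplification).
audit_packages() {
    awk -F '\t' '
    # Return 1 when dotted version a is older than b.
    function older(a, b,    x, y, n, m, i, k) {
        n = split(a, x, "."); m = split(b, y, ".")
        k = (n > m) ? n : m
        for (i = 1; i <= k; i++) {
            if ((x[i] + 0) < (y[i] + 0)) return 1
            if ((x[i] + 0) > (y[i] + 0)) return 0
        }
        return 0
    }
    # First file: load vulnerability entries, skipping comments and short lines.
    NR == FNR {
        if ($0 ~ /^#/ || NF < 4) next
        n = ++count[$1]
        fixed[$1, n] = $2; kind[$1, n] = $3; url[$1, n] = $4
        next
    }
    # Second file: split "name-version" at the last hyphen, then compare.
    {
        i = match($0, /-[^-]*$/)
        if (i == 0) next
        name = substr($0, 1, i - 1); ver = substr($0, i + 1)
        for (j = 1; j <= count[name]; j++)
            if (older(ver, fixed[name, j]))
                printf "%s %s %s %s\n", name, ver, kind[name, j], url[name, j]
    }' "$1" "$2"
}

# Constructed sample data: package names, versions and URLs are made up.
demo() {
    d=$(mktemp -d) || return 1
    printf 'foo\t1.2.3\tremote-root\thttp://example.org/adv/foo\n' > "$d/vuln"
    printf 'bar\t2.0\tdenial-of-service\thttp://example.org/adv/bar\n' >> "$d/vuln"
    printf 'foo-1.2.1\nbar-2.0\nbaz-0.9\n' > "$d/installed"
    audit_packages "$d/vuln" "$d/installed"
    rm -rf "$d"
}

demo
```

Each output line carries the package name, installed version, type of bug and advisory URL, which is the report the quoted message describes for the daily cron job.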
