Date: Thu, 21 Sep 2000 09:45:49 +0200 (IST)
From: Roman Shterenzon
To: Kris Kennaway
Cc: freebsd-security@freebsd.org
Subject: Re: Package Vulnerability scanner (CVS commit: pkgsrc (fwd))

I can build a perl script which will:
1) download advisories
2) pgp check them
3) check the
   a) pkg version (if fixed in later version)
   b) install date of a package (if fixed only in ports)
   vs. the "fixed" date in the advisory.
4) optional - delete and install newer version.

Is it what you have proposed?

On Wed, 20 Sep 2000, Kris Kennaway wrote:

> Anyone care to adapt this for FreeBSD? I don't have time right now.
>
> Kris
>
> --
> In God we Trust -- all others must submit an X.509 certificate.
>     -- Charles Forsythe
>
> ---------- Forwarded message ----------
> Date: Tue, 19 Sep 2000 22:23:17 +0300 (EEST)
> From: Alistair G. Crooks
> To: source-changes@netbsd.org
> Subject: CVS commit: pkgsrc
>
>
> Module Name:    pkgsrc
> Committed By:   agc
> Date:           Tue Sep 19 19:23:17 UTC 2000
>
> Update of /cvsroot/pkgsrc/security/audit-packages
> In directory netbsd.hut.fi:/tmp/cvs-serv6663
>
> Log Message:
> Initial import of a package to scan a vulnerability list, looking for
> installed packages which are insecure and open to exploitation.
>
> The original idea came from Roland Dowdeswell and Bill Sommerfeld, quite
> independently, the unorthodox implementation by me.
>
> This package contains two scripts:
> (1) download-vulnerability-list, which downloads a list of vulnerable
> packages from the NetBSD ftp server, and
> (2) audit-packages, which scans all the packages installed on the
> local machine, looking for packages which are vulnerable.
>
> Status:
>
> Vendor Tag:     TNF
> Release Tags:   pkgsrc-base
>
> N pkgsrc/security/audit-packages/Makefile
> N pkgsrc/security/audit-packages/files/download-vulnerability-list
> N pkgsrc/security/audit-packages/files/audit-packages
> N pkgsrc/security/audit-packages/pkg/COMMENT
> N pkgsrc/security/audit-packages/pkg/DESCR
> N pkgsrc/security/audit-packages/pkg/PLIST
>
> No conflicts created by this import
>
>
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
>

--Roman Shterenzon, UNIX System Administrator and Consultant
[ Xpert UNIX Systems Ltd., Herzlia, Israel. Tel: +972-9-9522361 ]
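
The check in step 3 of the proposal above, sketched in Python as an added example (not code from this thread or from audit-packages). The advisory fields, identifiers, package names and dates are constructed, and the advisories are assumed to be already downloaded and signature-checked (steps 1 and 2).

```python
import re
from datetime import date

def version_key(version):
    """Split a version such as '1.2.10' into comparable parts.

    Simplified ordering (an assumption, not the ports version rules):
    numeric parts compare as integers, so 1.2.10 sorts after 1.2.3.
    """
    parts = re.findall(r"\d+|[a-z]+", version.lower())
    return tuple((0, int(p)) if p.isdigit() else (1, p) for p in parts)

def audit(installed, advisories):
    """Return (advisory id, package, reason) for each vulnerable package."""
    findings = []
    for adv in advisories:
        entry = installed.get(adv["pkg"])
        if entry is None:                      # package not installed
            continue
        version, installed_on = entry
        if adv["fixed_version"] is not None:   # step 3a: fixed in a later version
            if version_key(version) < version_key(adv["fixed_version"]):
                findings.append((adv["id"], adv["pkg"],
                                 f"{version} < fixed {adv['fixed_version']}"))
        elif installed_on <= adv["fixed_date"]:
            # step 3b: fixed only in ports, same version string; an install
            # on the fix date itself is flagged, since it may predate the fix.
            findings.append((adv["id"], adv["pkg"],
                             f"installed {installed_on}, fixed {adv['fixed_date']}"))
    return findings

# Constructed inventory: package name -> (version, install date)
INSTALLED = {
    "foo": ("1.2.10", date(2000, 8, 1)),
    "bar": ("2.0", date(2000, 8, 15)),
    "baz": ("0.9", date(2000, 9, 10)),
}
# Constructed advisories; the ids are placeholders, not real advisory numbers.
ADVISORIES = [
    {"id": "EXAMPLE-01", "pkg": "foo", "fixed_version": "1.2.3", "fixed_date": None},
    {"id": "EXAMPLE-02", "pkg": "bar", "fixed_version": None, "fixed_date": date(2000, 9, 1)},
    {"id": "EXAMPLE-03", "pkg": "baz", "fixed_version": "1.0", "fixed_date": None},
    {"id": "EXAMPLE-04", "pkg": "qux", "fixed_version": "3.1", "fixed_date": None},
]

if __name__ == "__main__":
    for adv_id, pkg, reason in audit(INSTALLED, ADVISORIES):
        print(f"{adv_id}: {pkg} is vulnerable ({reason})")
```

The date test in 3b only shows that the install happened after the fix was committed; a package built later from a ports tree that was not updated would pass it while still being vulnerable.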