Date: Tue, 21 Aug 2012 07:04:47 +1000
From: Peter Jeremy <peter@rulingia.com>
To: Paul Schenkeveld <freebsd@psconsult.nl>
Cc: freebsd-security@freebsd.org
Subject: Re: getting the running patch level
Message-ID: <20120820210447.GB27130@aspire.rulingia.com>
In-Reply-To: <20120819144637.GA17778@psconsult.nl>
References: <31946.192.168.0.107.1344505442.squirrel@mail.redix.it:443> <20120819144637.GA17778@psconsult.nl>

On 2012-Aug-19 16:46:37 +0200, Paul Schenkeveld <freebsd@psconsult.nl> wrote:
> - Teach both installworld and freebsd-update to maintain manifest
>   files of what is installed and log that update, place all manifests
>   somewhere under /var/db and the update log in /var/log.

I'm not sure what detail you intend here.  One line per installworld
or similar sounds OK.  One line per file seems excessive - especially
if you intend to retain history ("df -ki" suggests that a base install
is around 30,000 files).

> - Having manifests of what's installed, one could check if all files
>   are still the right version, if older manifests are not discarded
>   when performing an update this could also detect files that were
>   not updated for whatever reason or that were reverted, i.e. by
>   restoring some backup.  E.g.:
>
>     Current userland version: 8.3-RELEASE-p4
>     /usr/sbin/named is at 8.3-RELEASE-p2
>     /usr/bin/openssl is at 8.3-RELEASE

How do you envisage this tool determining that /usr/sbin/foo is at
8.3-RELEASE-p2 and this is incorrect when userland is at (eg)
8.3-RELEASE-p4?  Note that updating your system from 8.3-RELEASE-p2 to
8.3-RELEASE-p4 may not change /usr/sbin/foo and therefore it will
remain untouched.

> The /etc/issue file mentioned several times in this thread is like motd
> but intended to be shown before a login prompt.  This works for console
> logins (getty) but not for remote logins.

SSH includes provision for displaying information prior to login - see
the "Banner" option in sshd_config.  Note that this is most definitely
the wrong place to include system version details.

-- 
Peter Jeremy
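
Added example, not part of the original message and not FreeBSD's or freebsd-update's own code: a sketch of the manifest check discussed above, showing why a file's hash can match several patch levels at once, so the useful question is whether it matches the current manifest. The manifest layout, function names and file contents are assumptions constructed for illustration.

```python
import hashlib

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

# Constructed history (not real FreeBSD data): file contents shipped per level.
# named changes in -p2 only, openssl changes in -p4 only, ls never changes.
SHIPPED = {
    "8.3-RELEASE":    {"/usr/sbin/named": b"named-a", "/usr/bin/openssl": b"ssl-a", "/bin/ls": b"ls-a"},
    "8.3-RELEASE-p2": {"/usr/sbin/named": b"named-b", "/usr/bin/openssl": b"ssl-a", "/bin/ls": b"ls-a"},
    "8.3-RELEASE-p4": {"/usr/sbin/named": b"named-b", "/usr/bin/openssl": b"ssl-b", "/bin/ls": b"ls-a"},
}

def build_manifests(shipped):
    """One manifest per patch level: path -> SHA-256 of the shipped file."""
    return {level: {path: digest(content) for path, content in files.items()}
            for level, files in shipped.items()}

def audit(installed, manifests, current):
    """Return path -> (status, levels whose manifest matches the on-disk hash).

    installed maps path -> SHA-256 of the file on disk; a missing key means
    the file is absent."""
    report = {}
    for path, want in manifests[current].items():
        have = installed.get(path)
        levels = [lvl for lvl, m in manifests.items() if have and m.get(path) == have]
        if have is None:
            status = "missing"
        elif have == want:
            status = "ok"        # may also match older levels; that is not an error
        elif levels:
            status = "stale"     # matches an older manifest only: not updated or reverted
        else:
            status = "unknown"   # matches no manifest: locally modified or replaced
        report[path] = (status, levels)
    return report

MANIFESTS = build_manifests(SHIPPED)
# Constructed on-disk state: openssl reverted from backup, ls locally modified.
INSTALLED = {
    "/usr/sbin/named": digest(b"named-b"),
    "/usr/bin/openssl": digest(b"ssl-a"),
    "/bin/ls": digest(b"ls-local"),
}

if __name__ == "__main__":
    for path, (status, levels) in audit(INSTALLED, MANIFESTS, "8.3-RELEASE-p4").items():
        print(f"{path}: {status} (matches {', '.join(levels) or 'no manifest'})")
```

Here /usr/sbin/named matches both the -p2 and -p4 manifests and is reported "ok", while /usr/bin/openssl matches only older manifests and is reported "stale".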