From owner-freebsd-security Fri Dec 15 17: 1: 1 2000 From owner-freebsd-security@FreeBSD.ORG Fri Dec 15 17:00:56 2000 Return-Path: Delivered-To: freebsd-security@freebsd.org Received: from daedalus.cs.brandeis.edu (daedalus.cs.brandeis.edu [129.64.3.179]) by hub.freebsd.org (Postfix) with ESMTP id D972737B402 for ; Fri, 15 Dec 2000 17:00:55 -0800 (PST) Received: from localhost (meshko@localhost) by daedalus.cs.brandeis.edu (8.9.3/8.9.3) with ESMTP id UAA01777; Fri, 15 Dec 2000 20:00:47 -0500 Date: Fri, 15 Dec 2000 20:00:47 -0500 (EST) From: Mikhail Kruk To: Anil Jangity Cc: jrz , Subject: Re: Security Update Tool.. In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: meshko@daedalus.cs.brandeis.edu Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org I'm not sure that many people would like that kind of automation, but what is really missing IMHO is ability to mark ports whichs are insecure and add some option to pkg_info which will check all installed packages. I think OpenBSD has exacty this, no? > I think he was looking for something a little more "automated". Something > like IE's "Window's update" for freebsd ;-) > > I don't think its too difficult to do this, all you do is do ident on any > binaries that are on the local system and compare the version with the > version string in the advisories... the advisory might need some > formatting changes? > > just thinking out loud. > > > Fri, 15 Dec 2000 (4:41pm -0800) Message: > > @ >> My question is, is there a util yet that in theory (maybe if so, or if > @ >> someone writes one would work differently than what I'm imagining) queries a > @ >> central database with all the security advisories, checks the local system > @ >> for comparisons and vulnerabilities against that database and reports to the > @ >> user who ran the util. > @ >> > @ >> ie, sacheck -H sa-host.freebsd.org > @ > @ would be fairly easy to write a shell or perl script that checks for current > @ advisories and prints it out in pretty format. > @ > @ -jrz > @ > @ > @ > @ --- > @ Jacob Zehnder | Systems Engineer > @ CNM Network | http://www.cnmnetwork.com > @ business: jrz@cnmnetwork.com > @ other: jrz@rackmount.org > @ --- > @ "Where am I, and what am I doing in this handbasket?" > @ > @ > @ > @ To Unsubscribe: send mail to majordomo@FreeBSD.org > @ with "unsubscribe freebsd-security" in the body of the message > @ > @ > > > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-security" in the body of the message > To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message