From: Mel Flynn
To: freebsd-questions@freebsd.org
Cc: Jeroen Hofstee
Date: Tue, 5 May 2009 20:10:26 +0200
Subject: Re: local security scanner for vulnerable common opensource www projects
Message-Id: <200905052010.26393.mel.flynn+fbsd.questions@mailing.thruhere.net>
In-Reply-To: <49FC4186.80608@virtualhost.nl>
References: <49FC4186.80608@virtualhost.nl>

On Saturday 02 May 2009 14:50:14 Jeroen Hofstee wrote:
> I tried to find a program which could scan the local filesystem and
> extract a list of well known web projects (Joomla, WordPress etc.),
> extract the installed version number and match it against a database
> of known vulnerabilities. Similar to portaudit, but then for the
> standard scripts users install themselves.
>
> I was unable to find such a program in the ports.
>
> Does such a utility exist for FreeBSD?

Not that I'm aware of and it's hell to write and keep current.

There are 2 good policies for this kind of thing:
- Don't allow any plugins of any kind to be installed via CMS/Gallery
  software etc. and deal with the complaints
- Put them in a separate jail and make sure the client understands he's
  responsible for getting hacked and losing hours of work by installing
  unsafe plugins.

-- 
Mel
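The scanner the original question describes (walk the filesystem, recognise known web applications, pull out the installed version, compare it against an advisory list the way portaudit does for ports) is not hard to prototype for inventory purposes; keeping the advisory list current is the hard part Mel points at. The following is an added example and not code from the thread or from any FreeBSD port. It assumes WordPress keeps its version in wp-includes/version.php as `$wp_version = '...'` and Joomla 1.5 keeps `$RELEASE`/`$DEV_LEVEL` in libraries/joomla/version.php; the advisory database and the sample directory tree are constructed here with placeholder identifiers, not real advisories.

```python
import os
import re
import shutil
import tempfile


def extract_wp(text):
    # WordPress: wp-includes/version.php contains $wp_version = 'x.y.z'; (assumed layout)
    m = re.search(r"\$wp_version\s*=\s*'([^']+)'", text)
    return m.group(1) if m else None


def extract_joomla(text):
    # Joomla 1.5: libraries/joomla/version.php carries RELEASE ('1.5') and DEV_LEVEL ('9')
    rel = re.search(r"\$RELEASE\s*=\s*'([^']+)'", text)
    dev = re.search(r"\$DEV_LEVEL\s*=\s*'([^']+)'", text)
    return f"{rel.group(1)}.{dev.group(1)}" if rel and dev else None


# Detection rules: project -> (version file relative to the install root, extractor)
RULES = {
    "wordpress": ("wp-includes/version.php", extract_wp),
    "joomla": ("libraries/joomla/version.php", extract_joomla),
}

# Constructed advisory database with placeholder ids (not real advisories).
# An install is reported when its version is older than fixed_in.
VULN_DB = [
    {"project": "wordpress", "fixed_in": "2.7.1", "id": "PLACEHOLDER-WP-1"},
    {"project": "joomla", "fixed_in": "1.5.10", "id": "PLACEHOLDER-JOOMLA-1"},
]


def parse_version(v):
    """'2.7.1' -> (2, 7, 1); non-numeric pieces such as 'rc1' count as 0."""
    parts = []
    for piece in re.split(r"[.\-]", v):
        m = re.match(r"\d+", piece)
        parts.append(int(m.group()) if m else 0)
    return tuple(parts)


def version_lt(a, b):
    """Numeric component-wise comparison, padding the shorter tuple with zeros."""
    pa, pb = parse_version(a), parse_version(b)
    n = max(len(pa), len(pb))
    return pa + (0,) * (n - len(pa)) < pb + (0,) * (n - len(pb))


def find_installs(root):
    """Walk root and return (project, install_dir, version) for every recognised install."""
    found = []
    for dirpath, _dirnames, _filenames in os.walk(root):
        for project, (relpath, extractor) in RULES.items():
            candidate = os.path.join(dirpath, relpath)
            if os.path.isfile(candidate):
                with open(candidate, encoding="utf-8", errors="replace") as fh:
                    version = extractor(fh.read())
                if version:
                    found.append((project, dirpath, version))
    return found


def audit(root, db=VULN_DB):
    """Match each detected install against the advisory list; return the vulnerable ones."""
    findings = []
    for project, path, version in find_installs(root):
        for entry in db:
            if entry["project"] == project and version_lt(version, entry["fixed_in"]):
                findings.append({"project": project, "path": path, "version": version,
                                 "fixed_in": entry["fixed_in"], "advisory": entry["id"]})
    return sorted(findings, key=lambda f: (f["project"], f["path"]))


def build_sample_tree():
    """Constructed sample filesystem: two WordPress installs and one Joomla install."""
    root = tempfile.mkdtemp(prefix="webscan-")
    samples = {
        "home/alice/public_html/wp-includes/version.php": "<?php\n$wp_version = '2.6.5';\n",
        "home/bob/public_html/blog/wp-includes/version.php": "<?php\n$wp_version = '2.7.1';\n",
        "home/carol/public_html/libraries/joomla/version.php":
            "<?php\nclass JVersion {\n\tvar $RELEASE = '1.5';\n\tvar $DEV_LEVEL = '9';\n}\n",
    }
    for rel, content in samples.items():
        full = os.path.join(root, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(content)
    return root


def demo():
    """Scan the constructed tree and return the findings (alice's WP and carol's Joomla)."""
    root = build_sample_tree()
    try:
        return audit(root)
    finally:
        shutil.rmtree(root)


if __name__ == "__main__":
    for f in demo():
        print(f"{f['project']} {f['version']} at {f['path']}: fixed in {f['fixed_in']} ({f['advisory']})")
```

On a real host you would run audit() over the web roots (for example /usr/home/*/public_html or the jail's /usr/local/www) and feed VULN_DB from a maintained source; the version-file assumptions above cover only the layouts named in the lead-in, so other projects need their own rule entry.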