Date: Tue, 30 Jul 2002 10:05:34 +1000
From: Hendrik Scholz <hscholz@raisdorf.net>
To: freebsd-security@freebsd.org
Subject: audit-packages like program for FreeBSD?
Message-ID: <20020730000534.84D0067B06@deimos.raisdorf.net>
Hi!

While using NetBSD I discovered the audit-packages package. Basically it consists of a script and a text file. The text file contains information about packages/ports that are vulnerable to any kind of remote/local/dos attack. The script can be run by the daily cron job and then checks if one of the installed packages is mentioned in the list of vulnerable packages. If so it reports package name, version, type of bug and a URL to an advisory as part of the cron report. The text file can be updated with ftp/wget/...

As I've been thinking about this I just want to know if someone is interested in this for FreeBSD?

Writing the script itself should be no problem for me but maintaining the vulnerability database could become difficult as the number of ports grows. A script that crawls through the ports cvs tree and checks for ports marked forbidden since the last run would be a good start but for unmaintained ports bugtraq/vuln-watch/... has to be read. Any ideas how to get more input?

Which language to use? Perl would do fine for this job but as Perl isn't in the base system anymore a shell script or C program would be better if it should be possible to run this as part of the daily cron job. If I start with this what language should I use?

Thanks for all comments,

Hendrik

P.S. I won't be able to answer all questions immediately as I'm on vacation :)

-- 
Hendrik Scholz - <hscholz@raisdorf.net> - http://raisdorf.net/
drag me, drop me - treat me like an object
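The check the message describes, sketched as a POSIX shell function around awk so it could run from the daily cron job without Perl. This is an added example, not code from the message or from NetBSD's audit-packages; the list format, the sample entries and the names `audit_packages` and `demo` are assumptions made here, and the version comparison is a simple component-wise one.

```shell
# Assumed list format (made up for this example): name<version type url
# Installed packages are read from stdin as "name-version ...".
audit_packages() {
    awk '
    # Compare versions component by component: returns -1, 0 or 1.
    function vercmp(a, b,    x, y, n, m, i) {
        n = split(a, x, /[._,]/); m = split(b, y, /[._,]/)
        for (i = 1; i <= n || i <= m; i++) {
            if (x[i] == y[i]) continue
            if (x[i] ~ /^[0-9]*$/ && y[i] ~ /^[0-9]*$/)
                return (x[i] + 0 < y[i] + 0) ? -1 : 1
            return (x[i] < y[i]) ? -1 : 1
        }
        return 0
    }
    NR == FNR {                      # first file: the vulnerability list
        if ($1 ~ /^#/ || NF < 3 || !match($1, /<=?/)) next
        n++
        name[n] = substr($1, 1, RSTART - 1)
        op[n] = substr($1, RSTART, RLENGTH)
        ver[n] = substr($1, RSTART + RLENGTH)
        type[n] = $2; url[n] = $3
        next
    }
    match($1, /-[^-]*$/) {           # stdin: one installed package per line
        pname = substr($1, 1, RSTART - 1); pver = substr($1, RSTART + 1)
        for (i = 1; i <= n; i++) {
            if (name[i] != pname) continue
            c = vercmp(pver, ver[i])
            if (c < 0 || (c == 0 && op[i] == "<=")) print $1, type[i], url[i]
        }
    }' "$1" -
}
# Constructed sample data, not real advisories.
SAMPLE_VULNS='# name<version type url
apache<1.3.26 remote-root-shell http://example.org/advisory/1
openssh<=3.4 local-root-shell http://example.org/advisory/2
png<1.2.4 denial-of-service http://example.org/advisory/3'
SAMPLE_INSTALLED='apache-1.3.24 web server
openssh-3.4 secure shell
png-1.2.4 PNG library
zsh-4.0.4 shell'

demo() {
    list=$(mktemp) || return 1
    printf '%s\n' "$SAMPLE_VULNS" > "$list"
    printf '%s\n' "$SAMPLE_INSTALLED" | audit_packages "$list"
    rm -f "$list"
}
demo
```

Each output line carries the installed package name and version, the type of bug and the advisory URL, which is the report the message describes; `png-1.2.4` is not reported because the constructed entry only covers versions below 1.2.4.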