Initial import of a package to scan a vulnerability list, looking for

installed packages which are insecure and open to exploitation.

The original idea came from Roland Dowdeswell and Bill Sommerfeld, quite
independently, the unorthodox implementation by me.

This package contains two scripts:
(1) download-vulnerability-list, which downloads a list of vulnerable
packages from the NetBSD ftp server, and
(2) audit-packages, which scans all the packages installed on the
local machine, looking for packages which are vulnerable.

1 files changed, 29 insertions, 0 deletions

diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
new file mode 100644
index 00000000000..2a13a4d12e1
--- /dev/null
+++ b/security/audit-packages/Makefile
@@ -0,0 +1,29 @@
+# $NetBSD: Makefile,v 1.1.1.1 2000/09/19 19:23:17 agc Exp $
+
+DISTNAME=	audit-packages-1.0
+CATEGORIES=	security pkgtools
+MASTER_SITES=	# empty
+DISTFILES=	# empty
+
+MAINTAINER=	agc@netbsd.org
+
+WRKSRC=		${WRKDIR}
+NO_CHECKSUM=    yes
+NO_BUILD=	yes
+NO_MTREE=	yes
+
+do-configure:
+	@for f in audit-packages download-vulnerability-list; do		\
+		${SED} -e 's|\$${DISTDIR}|${DISTDIR}|g' 		\
+			-e 's|\$${AWK}|${AWK}|g'			\
+			-e 's|\$${FETCH_CMD}|${FETCH_CMD}|g'		\
+			-e 's|\$${PKG_INFO}|${PKG_INFO}|g'		\
+			${FILESDIR}/$$f > ${WRKSRC}/$$f;		\
+	done
+
+do-install:
+	@for f in audit-packages download-vulnerability-list; do		\
+		${BSD_INSTALL_SCRIPT} ${WRKSRC}/$$f ${PREFIX}/sbin;	\
+	done
+
+.include "../../mk/bsd.pkg.mk"