-rw-r--r--security/audit-packages/Makefile29
-rwxr-xr-xsecurity/audit-packages/files/audit-packages10
-rw-r--r--security/audit-packages/files/download-vulnerability-list11
-rw-r--r--security/audit-packages/pkg/COMMENT1
-rw-r--r--security/audit-packages/pkg/DESCR12
-rw-r--r--security/audit-packages/pkg/PLIST3
6 files changed, 66 insertions, 0 deletions
diff --git a/security/audit-packages/Makefile b/security/audit-packages/Makefile
new file mode 100644
index 00000000000..2a13a4d12e1
--- /dev/null
+++ b/security/audit-packages/Makefile
@@ -0,0 +1,29 @@
+# $NetBSD: Makefile,v 1.1.1.1 2000/09/19 19:23:17 agc Exp $
+
+DISTNAME= audit-packages-1.0
+CATEGORIES= security pkgtools
+MASTER_SITES= # empty
+DISTFILES= # empty
+
+MAINTAINER= agc@netbsd.org
+
+WRKSRC= ${WRKDIR}
+NO_CHECKSUM= yes
+NO_BUILD= yes
+NO_MTREE= yes
+
+do-configure:
+ @for f in audit-packages download-vulnerability-list; do \
+ ${SED} -e 's|\$${DISTDIR}|${DISTDIR}|g' \
+ -e 's|\$${AWK}|${AWK}|g' \
+ -e 's|\$${FETCH_CMD}|${FETCH_CMD}|g' \
+ -e 's|\$${PKG_INFO}|${PKG_INFO}|g' \
+ ${FILESDIR}/$$f > ${WRKSRC}/$$f; \
+ done
+
+do-install:
+ @for f in audit-packages download-vulnerability-list; do \
+ ${BSD_INSTALL_SCRIPT} ${WRKSRC}/$$f ${PREFIX}/sbin; \
+ done
+
+.include "../../mk/bsd.pkg.mk"
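Review bot: `do-configure` hard-codes the build-time `${DISTDIR}` into both installed scripts, so the tools in `${PREFIX}/sbin` keep reading and replacing `${DISTDIR}/vulnerabilities` at whatever path the package was built with; a binary package built elsewhere would carry that machine's path. The ownership and mode of that directory are not visible here, and if anyone other than root can write to it, the list that audit-packages later turns into shell commands can be altered locally. A comment above the rule such as `# DISTDIR is baked in at build time; it must be writable by root only` would record the assumption, or the list could live in a dedicated root-owned directory. The substitutions also use `|` as the sed delimiter with unescaped values, so a `${FETCH_CMD}` or `${DISTDIR}` containing `|` or `&` would presumably produce a broken script.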
diff --git a/security/audit-packages/files/audit-packages b/security/audit-packages/files/audit-packages
new file mode 100755
index 00000000000..cb08a0285c7
--- /dev/null
+++ b/security/audit-packages/files/audit-packages
@@ -0,0 +1,10 @@
+#! /bin/sh
+
+${AWK} '
+ /^#.*/ { next }
+ NF == 0 { next }
+ { cmd = sprintf("${PKG_INFO} -qe \"%s\" && echo Package \"`${PKG_INFO} -e \"%s\"`\" has a %s vulnerability, see %s", $1, $1, $2, $3);
+ system(cmd); }
+' ${DISTDIR}/vulnerabilities
+
+exit 0
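Review bot: The `sprintf`/`system(cmd)` pair builds a shell command line out of fields `$1`, `$2` and `$3` of the vulnerabilities file, so any shell metacharacter in that file is interpreted by `/bin/sh` with the privileges of whoever runs the audit. `$1` sits inside double quotes, which still allow command substitution, and `$2`/`$3` are not quoted at all. The list is fetched over plain FTP by download-vulnerability-list, with no integrity check in this commit. Reading the fields into shell variables and passing them as quoted arguments stops data from being re-parsed as code; the sketch below keeps the output format. It differs from the awk version in that `read` folds any extra fields into the third variable and strips leading blanks before the `#` test.

```shell
# … unchanged: #! /bin/sh …
while read -r pkg type url; do
	case "$pkg" in
	''|'#'*) continue ;;
	esac
	if ${PKG_INFO} -qe "$pkg"; then
		echo "Package `${PKG_INFO} -e "$pkg"` has a $type vulnerability, see $url"
	fi
done < ${DISTDIR}/vulnerabilities
# … unchanged: exit 0 …
```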
diff --git a/security/audit-packages/files/download-vulnerability-list b/security/audit-packages/files/download-vulnerability-list
new file mode 100644
index 00000000000..86270469396
--- /dev/null
+++ b/security/audit-packages/files/download-vulnerability-list
@@ -0,0 +1,11 @@
+#! /bin/sh
+
+NEW_VUL_LIST=${DISTDIR}/vulnerabilities.$$
+
+${FETCH_CMD} -o ${NEW_VUL_LIST} ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities || \
+ (echo "Can't download vulnerability list"; exit 1)
+
+/usr/bin/cmp -s ${NEW_VUL_LIST} ${DISTDIR}/vulnerabilities > /dev/null 2>&1 || \
+ (/bin/mv ${NEW_VUL_LIST} ${DISTDIR}/vulnerabilities)
+
+exit 0
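Review bot: The `exit 1` after a failed `${FETCH_CMD}` runs inside a `( … )` subshell, so it ends only the subshell: the script carries on to `cmp`/`mv`, can move a partial or empty `${NEW_VUL_LIST}` over the good list, and then reports success through the final `exit 0`. Braces keep the exit in the script itself, e.g. `{ echo "Can't download vulnerability list" >&2; /bin/rm -f ${NEW_VUL_LIST}; exit 1; }`. When the two files compare equal, the temporary `vulnerabilities.$$` is never removed, so a `/bin/rm -f ${NEW_VUL_LIST}` before `exit 0` is needed. Its PID-based name is also predictable, in a directory whose permissions are not visible here. The list arrives over plain FTP with no signature or checksum check, which matters because audit-packages feeds its fields to a shell.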
diff --git a/security/audit-packages/pkg/COMMENT b/security/audit-packages/pkg/COMMENT
new file mode 100644
index 00000000000..a0b3ebeb1c3
--- /dev/null
+++ b/security/audit-packages/pkg/COMMENT
@@ -0,0 +1 @@
+tools to show vulnerabilities in installed packages
diff --git a/security/audit-packages/pkg/DESCR b/security/audit-packages/pkg/DESCR
new file mode 100644
index 00000000000..e583e4e65ad
--- /dev/null
+++ b/security/audit-packages/pkg/DESCR
@@ -0,0 +1,12 @@
+The audit-packages tools provide two scripts:
+
+(1) download-vulnerability-list, an easy way to download a list of
+security vulnerabilities which have been published. This list is kept
+up to date by the NetBSD security officer. It is held at the
+well-known URL:
+
+ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities
+
+(2) audit-packages, an easy way to audit the current machine, checking
+each vulnerability listed by the security officer. If a vulnerable
+package is installed, it will be shown by output to stdout.
diff --git a/security/audit-packages/pkg/PLIST b/security/audit-packages/pkg/PLIST
new file mode 100644
index 00000000000..3c712b29259
--- /dev/null
+++ b/security/audit-packages/pkg/PLIST
@@ -0,0 +1,3 @@
+@comment $NetBSD: PLIST,v 1.1.1.1 2000/09/19 19:23:17 agc Exp $
+sbin/audit-packages
+sbin/download-vulnerability-list