summaryrefslogtreecommitdiff
path: root/security/audit-packages
AgeCommit message (Collapse)AuthorFilesLines
2001-06-25Apply patch from pkg/13295; seems not to hurt NetBSD, and should helpwiz3-5/+6
Solaris. Bump to 1.10.
2001-06-06Fix warning output if new file is smaller than old one.wiz2-3/+3
Noted by Kimmo Suominen. Bump to 1.9.
2001-04-27Update audit-packages to 1.8:agc2-4/+10
Fix a problem which occurs if the vulnerability list does not already exist. This fixes PR 12763 from Brian de Alwis (bsd@cs.ubc.ca), albeit in a slightly different manner. (I also added a check for the existence of the new vulnerabilities file, in case it was not downloaded for some reason).
2001-04-24Update to version 1.7 of audit-packages.agc3-12/+14
Incorporates the following changes from Anne Bennett (anne@alcor.concordia.ca) in PR 12538: (1) Running download-vulnerability-list as it stands from cron will spam the sysadmin with ftp output. Easy to fix: redirect output to /dev/null as per the example in pkg/MESSAGE. Problem: now we lose some error messages as well. Patch: make sure error complaints in that script are spouted to STDERR, not STDOUT. (3) Minor readability issue: set the source location for the vulnerability list in a variable at the top of the script. (4) PR 12457 reported that audit-packages complained spuriously when the vulnerability list had not been updated in over a week, and suggested touching it as a solution. This loses the information of when the file was really last updated. I'd prefer to always "mv" the new file into place, and use mtime instead of ctime in the file freshness test. I did this part of the PR differently, as I was worried about incomplete vulnerability lists being downloaded, and overwriting an existing vulnerability list: (2) ftp failure in download-vulnerability-list is not being detected properly by the current "${FETCH_CMD} .. || (complain; exit 1)" test. Patch: test for a non-zero vulnerability file instead. Don't forget to remove any zero-length droppings, if any. We know that the vulnerability list size will increase, and not decrease, so test the size of the newly-downloaded file. If the new file is smaller than the existing file, then a bad transfer has taken place - log this fact, and remove the new list.
2001-04-02Bump audit-packages to 1.6.agc2-6/+8
Always touch the downloaded vulnerability list, so that the audit-packages script doesn't moan erroneously. From Jim Bernard, in PR 12457.
2001-03-27Clean up temporary vulnerabilities file, if it's the same as the existingagc2-2/+4
one - addresses 2nd part of PR 12457, from Jim Bernard.
2001-03-20Update the download-vulnerability-list script to check for theagc2-4/+9
existence of ${DISTDIR}, and to create it if it doesn't exist. This is for machines built with binary packages, which lack pkgsrc, but this way preserves the location of the vulnerabilities file. Addresses PR 12367
2001-02-22add a MESSAGE suggesting that the package audit be added to /etc/security.localdmcmahill1-0/+21
and the vulnerabilities file be downloaded via cron every day.
2001-02-17Update to new COMMENT style: COMMENT var in Makefile instead of pkg/COMMENT.wiz2-2/+2
2000-11-11touch vulnerability list after update, to make audit-package happieritojun2-3/+5
when vulnerability list is not updated for more than a week. solves PR 11463 (there are other ways to solve this, i'm open to your opinion).
2000-10-26audit-packages 1.2:sommerfeld2-4/+12
check if vulnerabilities file is more than a week old, and whine if it is whine to stderr rather than stdout
2000-10-02Update to 1.1 - Give a slightly more friendly error message if vulnerabilitiesabs2-2/+7
file not present.
2000-09-19Initial import of a package to scan a vulnerability list, looking foragc6-0/+66
installed packages which are insecure and open to exploitation. The original idea came from Roland Dowdeswell and Bill Sommerfeld, quite independently, the unorthodox implementation by me. This package contains two scripts: (1) download-vulnerability-list, which downloads a list of vulnerable packages from the NetBSD ftp server, and (2) audit-packages, which scans all the packages installed on the local machine, looking for packages which are vulnerable.