On Mon, Sep 02, 2002 at 02:07:34PM +0200, Javier Fernández-Sanguino Peña wrote: > On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote: > > I have written a python script that allows you to compares locally > > installed packages with those on security.debian.org. Furthermore it > > provides a description of the problem/DSA name if the package is > > mentioned in the DSA RDF. > > > Notice that the RDF does not include *all* the DSAs, just the latest > (10?). Thus, if there is a week with *many* security updates your script might > miss vulnerable packages if not run daily.
That is a good point. Is it possible to get this kind of information from elsewhere (yes it is possible to dig it out of the html-pages) in a similar (easy) manner? > > The script is intended to be run as a normal user in a crontab, and thus > > produces no output if the system is completely upto date. > > > > You will need to install python2.2 and python2.2-xml prior to using the > > script which can be found at > > http://www.robster.org.uk/files/security-update-check.py > > > > Why Python? If you plan this script to be included in Debian-standard (such > as the cron task in checksecurity) python is out of the question. > Could you write it in Perl? Well I do not think it is suitable for standard (yet). It is a little bit too non-mature for that. But I could rewrite his (I'm not the author) code into perl if that is really needed. But of course it should be better to write it in shell-code but that is not that easy as to use xml interfaces within perl or python. > > Any feedbacl/ideas would be much appreciated. I plan to make some minor > > changes and package this up later this week :) > > > > Well, it's already done. Check out Tiger: > http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-keep-up-to-date > The problem with Tiger is that it has to be updated (both by the maintainer > and the > administrator) to work effectively until a create a 'tiger-signatures' > package that > can be updated regularly. It is about the same problem as harden-*flaws. > But probably a stand-alone script is a good idea, it would appreciate it > better > in another language. You cannot consider installing python in a production > environment where it's not really need it. Tiger, for example, is completely > shell-based (does not even need Perl). Good point. Regards, // Ola > Regards > > Javi -- --------------------- Ola Lundqvist --------------------------- / [EMAIL PROTECTED] Björnkärrsgatan 5 A.11 \ | [EMAIL PROTECTED] 584 36 LINKÖPING | | +46 (0)13-17 69 83 +46 (0)70-332 1551 | | http://www.opal.dhs.org UIN/icq: 4912500 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
