[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security notification script

On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote:
> I have written a python script that allows you to compares locally
> installed  packages with those on security.debian.org. Furthermore it
> provides a description of the problem/DSA name if the package is
> mentioned in the DSA RDF.
	Notice that the RDF does not include *all* the DSAs, just the latest
(10?). Thus, if there is a week with *many* security updates your script might
miss vulnerable packages if not run daily.

> The script is intended to be run as a normal user in a crontab, and thus
> produces no output if the system is completely upto date.
> You will need to install python2.2 and python2.2-xml prior to using the
> script which can be found at
> http://www.robster.org.uk/files/security-update-check.py

Why Python? If you plan this script to be included in Debian-standard (such
as the cron task in checksecurity) python is out of the question. 
Could you write it in Perl? 

> Any feedbacl/ideas would be much appreciated. I plan to make some minor
> changes and package this up later this week :)

Well, it's already done. Check out Tiger: 
The problem with Tiger is that it has to be updated (both by the maintainer and the
administrator) to work effectively until a create a 'tiger-signatures' package that
can be updated regularly. 

But probably a stand-alone script is a good idea, it would appreciate it better
in another language. You cannot consider installing python in a production
environment where it's not really need it. Tiger, for example, is completely
shell-based (does not even need Perl).



Attachment: pgpm8nc0BObLp.pgp
Description: PGP signature

Reply to: