
Re: Security notification script



On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote:
> I have written a python script that allows you to compare locally
> installed packages with those on security.debian.org. Furthermore it
> provides a description of the problem/DSA name if the package is
> mentioned in the DSA RDF.
> 
	Notice that the RDF does not include *all* the DSAs, just the latest
(10?). Thus, if there is a week with *many* security updates your script might
miss vulnerable packages if not run daily.

> The script is intended to be run as a normal user in a crontab, and thus
> produces no output if the system is completely up to date.
> 
> You will need to install python2.2 and python2.2-xml prior to using the
> script which can be found at
> http://www.robster.org.uk/files/security-update-check.py
> 

Why Python? If you plan this script to be included in Debian-standard (such
as the cron task in checksecurity) python is out of the question. 
Could you write it in Perl? 

> Any feedback/ideas would be much appreciated. I plan to make some minor
> changes and package this up later this week :)
> 

Well, it's already done. Check out Tiger: 
http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-keep-up-to-date
The problem with Tiger is that it has to be updated (both by the maintainer and the
administrator) to work effectively until I create a 'tiger-signatures' package that
can be updated regularly.

But probably a stand-alone script is a good idea, I would appreciate it better
in another language. You cannot consider installing python in a production
environment where it's not really needed. Tiger, for example, is completely
shell-based (does not even need Perl).

	Regards

	Javi
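
The caveat raised in the reply (the RDF lists only the latest advisories) can be handled by keeping state between runs and flagging a fetch that shares nothing with the previous one. This is an added example, not part of the original message or of the script under discussion; the feed is a constructed RSS 1.0 document with made-up advisory ids, and the function names and the title layout "ID package" are assumptions.

```python
import xml.etree.ElementTree as ET

RSS = "{http://purl.org/rss/1.0/}"  # RSS 1.0 namespace; the feed layout is an assumption

def feed_xml(ids):
    """Build a constructed RSS 1.0 (RDF) feed holding the given made-up advisory ids."""
    items = "".join(
        f'<item rdf:about="https://example.invalid/{i}"><title>{i} pkg{i[-2:]}</title></item>'
        for i in ids)
    return ('<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" '
            f'xmlns="http://purl.org/rss/1.0/">{items}</rdf:RDF>')

def parse_feed(text):
    """Return {advisory id: package} from item titles of the assumed form 'ID package'."""
    found = {}
    for item in ET.fromstring(text).iter(RSS + "item"):
        adv, _, pkg = (item.findtext(RSS + "title") or "").partition(" ")
        if adv:
            found[adv] = pkg
    return found

def update(seen, text):
    """Merge one fetch into `seen` (persisted between runs); return (new, gap_possible)."""
    current = parse_feed(text)
    new = {a: p for a, p in current.items() if a not in seen}
    # No overlap with anything seen before: the feed's window moved completely
    # past the previous run, so advisories may have scrolled off unchecked.
    gap_possible = bool(seen) and bool(current) and len(new) == len(current)
    seen.update(new)
    return new, gap_possible

def window(first, size=10):
    """Constructed feed of `size` consecutive advisories starting at ADV-<first>."""
    return feed_xml([f"ADV-{n:02d}" for n in range(first, first + size)])

if __name__ == "__main__":
    seen = {}  # a real script would load and save this, e.g. as a JSON file
    for label, first in (("day 1", 1), ("day 2", 3), ("after a skipped week", 25)):
        new, gap = update(seen, window(first))
        print(f"{label}: {len(new)} new advisories, possible gap: {gap}")
```

When `gap_possible` is true, the feed alone cannot say what was missed, so a cron job should report it and fall back to a full check against the archive.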
