
Re: Security notification script



On Mon, Sep 02, 2002 at 02:07:34PM +0200, Javier Fernández-Sanguino Peña wrote:
> On Mon, Aug 26, 2002 at 09:31:34PM +0100, Rob Bradford wrote:
> > I have written a python script that allows you to compare locally
> > installed packages with those on security.debian.org. Furthermore it
> > provides a description of the problem/DSA name if the package is
> > mentioned in the DSA RDF.
> > 
> 	Notice that the RDF does not include *all* the DSAs, just the latest
> (10?). Thus, if there is a week with *many* security updates your script might
> miss vulnerable packages if not run daily.

That is a good point. Is it possible to get this kind of information from
elsewhere (yes it is possible to dig it out of the html-pages) in a
similar (easy) manner?

> > The script is intended to be run as a normal user in a crontab, and thus
> > produces no output if the system is completely up to date.
> > 
> > You will need to install python2.2 and python2.2-xml prior to using the
> > script which can be found at
> > http://www.robster.org.uk/files/security-update-check.py
> > 
> 
> Why Python? If you plan this script to be included in Debian-standard (such
> as the cron task in checksecurity) python is out of the question. 
> Could you write it in Perl? 

Well I do not think it is suitable for standard (yet). It is a little bit
too immature for that. But I could rewrite his code (I'm not the author)
into Perl if that is really needed.

But of course it would be better to write it in shell code, but that is
not as easy as using XML interfaces from Perl or Python.

> > Any feedback/ideas would be much appreciated. I plan to make some minor
> > changes and package this up later this week :)
> > 
> 
> Well, it's already done. Check out Tiger: 
> http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-keep-up-to-date
> The problem with Tiger is that it has to be updated (both by the maintainer and the
> administrator) to work effectively until I create a 'tiger-signatures' package that
> can be updated regularly. 

It is about the same problem as harden-*flaws.

> But probably a stand-alone script is a good idea; it would be better appreciated
> in another language. You cannot consider installing Python in a production
> environment where it's not really needed. Tiger, for example, is completely
> shell-based (does not even need Perl).

Good point.

Regards,

// Ola

> 	Regards
> 
> 	Javi



-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
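The check the thread is discussing, as an added example that is not Rob Bradford's script, Tiger, or any Debian code: installed package versions are compared against the versions in the security archive's Packages index using a reimplementation of dpkg's version ordering (epoch, then upstream, then revision, with "~" sorting before everything), and the DSA feed is consulted only to label a hit. Driving the comparison from the archive index rather than the feed is what addresses Javier's point that the RDF only carries the most recent advisories: a package that is outdated but no longer named in the feed is still reported, just without a DSA id. The installed list, the Packages stanzas and the RDF document below are constructed for this example, and the "DSA-NNN package - summary" title shape is an assumption about the feed, not a documented format.

```python
import re
import xml.etree.ElementTree as ET

# --- Debian version comparison (dpkg's algorithm, reimplemented here) -------

def _order(c):
    """Sort weight of one character inside a non-digit run, as dpkg orders them."""
    if c == "~":
        return -1            # "~" sorts before everything, even end of string
    if c.isdigit():
        return 0
    if c.isalpha():
        return ord(c)        # letters sort before non-letters
    return ord(c) + 256

def _verrevcmp(a, b):
    """Compare two upstream or revision strings; negative, zero or positive."""
    i = j = 0
    while i < len(a) or j < len(b):
        first_diff = 0
        # non-digit run, compared character by character
        while (i < len(a) and not a[i].isdigit()) or (j < len(b) and not b[j].isdigit()):
            ac = _order(a[i]) if i < len(a) else 0
            bc = _order(b[j]) if j < len(b) else 0
            if ac != bc:
                return ac - bc
            i += 1
            j += 1
        # digit run, compared numerically with leading zeros stripped
        while i < len(a) and a[i] == "0":
            i += 1
        while j < len(b) and b[j] == "0":
            j += 1
        while i < len(a) and a[i].isdigit() and j < len(b) and b[j].isdigit():
            if not first_diff:
                first_diff = ord(a[i]) - ord(b[j])
            i += 1
            j += 1
        if i < len(a) and a[i].isdigit():
            return 1         # a has more digits left, so it is the larger number
        if j < len(b) and b[j].isdigit():
            return -1
        if first_diff:
            return first_diff
    return 0

def split_version(v):
    """'epoch:upstream-revision' -> (epoch, upstream, revision)."""
    epoch = 0
    if ":" in v:
        e, v = v.split(":", 1)
        epoch = int(e)
    upstream, revision = v.rsplit("-", 1) if "-" in v else (v, "")
    return epoch, upstream, revision

def compare_versions(a, b):
    """Return -1, 0 or 1 in the order `dpkg --compare-versions` uses."""
    ea, ua, ra = split_version(a)
    eb, ub, rb = split_version(b)
    if ea != eb:
        return 1 if ea > eb else -1
    r = _verrevcmp(ua, ub) or _verrevcmp(ra, rb)
    return (r > 0) - (r < 0)

# --- Inputs -------------------------------------------------------------------

def parse_installed(text):
    """Lines of 'name version', the shape dpkg-query -W -f='${Package} ${Version}\\n' prints."""
    return {p[0]: p[1] for p in (line.split() for line in text.splitlines()) if len(p) == 2}

def parse_packages(text):
    """Package -> Version from a Packages index (blank-line separated stanzas)."""
    available = {}
    for stanza in re.split(r"\n\s*\n", text.strip()):
        fields = dict(re.findall(r"^([A-Za-z][\w-]*):\s*(.*)$", stanza, re.M))
        if "Package" in fields and "Version" in fields:
            available[fields["Package"]] = fields["Version"]
    return available

RSS = "{http://purl.org/rss/1.0/}"

def parse_dsa_rdf(text):
    """Package -> (DSA id, summary) from <item> titles shaped 'DSA-NNN package - summary'
    (an assumption about the feed made for this example)."""
    by_package = {}
    for item in ET.fromstring(text).iter(RSS + "item"):
        m = re.match(r"(DSA-\d+(?:-\d+)?)\s+(\S+)\s+-\s+(.*)", item.findtext(RSS + "title", ""))
        if m:
            by_package[m.group(2)] = (m.group(1), m.group(3))
    return by_package

def check(installed_text, packages_text, rdf_text):
    """Installed packages older than the security archive's version, oldest name first.
    dsa is None when the package is outdated but no longer named in the feed."""
    installed, available, dsas = parse_installed(installed_text), parse_packages(packages_text), parse_dsa_rdf(rdf_text)
    findings = []
    for name, have in sorted(installed.items()):
        want = available.get(name)
        if want is None or compare_versions(have, want) >= 0:
            continue
        dsa, summary = dsas.get(name, (None, None))
        findings.append({"package": name, "installed": have, "available": want, "dsa": dsa, "summary": summary})
    return findings

# --- Constructed sample data (not real packages, advisories or versions) ------

INSTALLED = "examplefoo 1.2.3-1\nexamplebar 0.9~beta2-2\nexamplebaz 2:1.0-3\nquux 4.1-1\n"

PACKAGES = """Package: examplefoo
Version: 1.2.3-1.1
Architecture: i386

Package: examplebar
Version: 0.9-1
Architecture: i386

Package: examplebaz
Version: 1:1.5-1
Architecture: i386

Package: quux
Version: 4.1-1
Architecture: i386
"""

RDF = """<?xml version="1.0"?>
<rdf:RDF xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns="http://purl.org/rss/1.0/">
  <channel rdf:about="http://security.example.invalid/dsa"><title>Constructed feed</title></channel>
  <item rdf:about="http://security.example.invalid/dsa-001">
    <title>DSA-001 examplefoo - buffer overflow</title>
    <link>http://security.example.invalid/dsa-001</link>
  </item>
</rdf:RDF>
"""

if __name__ == "__main__":
    for f in check(INSTALLED, PACKAGES, RDF):
        tag = f["dsa"] or "no advisory in feed window"
        print(f"{f['package']}: {f['installed']} installed, {f['available']} in security archive ({tag})")
```

In the sample, examplefoo is reported with its DSA, examplebar is reported without one (outdated, but absent from the feed), examplebaz is skipped because its epoch makes the installed version newer, and quux is up to date. To run it for real, replace the three constants with `dpkg-query -W -f='${Package} ${Version}\n'` output, a Packages index fetched from security.debian.org for your release and architecture, and the DSA RDF; the empty-output-when-clean behaviour the thread wants for a cron job then follows from the loop printing nothing.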


