I have several hundred Debian instances to care for, and they are monitored via Nagios. I would like to institute a regular test that checks each box against a list of security advisories, without running apt-get update several times a day on 300 boxes. Therefore I see a need for a machine-readable DSA format. I know there's a defined format to the current header, but I'd like to expand on that. It will look something like:

DSA: 536-1
Title: New libpng, libpng3 packages fix multiple vulnerabilities
Date: 20040804
Upgrade-required: simple
Vulnerability: several
Problem-Type: local/remote
Debian-specific: no
CVE-Ids: CAN-2004-0597 CAN-2004-0598 CAN-2004-0599 CAN-2004-0768

Package: libpng
Distribution: stable
Architecture: any
Binary: libpng2-dev, libpng2
Version: 1.0.12-3.woody.7

Package: libpng3
Distribution: stable
Architecture: any
Binary: libpng-dev, libpng3
Version: 1.2.1-1.1.woody.7

This can be easily distributed, parsed and compared to the package status database to determine which installed packages must be upgraded, and can raise an alert if required. I can script the generation of an MR-DSA from existing data, especially the DSA itself.

Before I do: has anyone already done anything like this with DSAs, and would anyone be interested in using the resulting mechanism?

Joshua.

--
Joshua Goodall <joshua@myinternet.com.au>
Solutions Architect / Principal Security Architect
myinternet Limited.