local security checks for Gentoo Linux
Michel Arboi
mikhail at nessus.org
Sun Aug 15 12:40:17 EDT 2004
On Mon Aug 09 2004 at 16:24, Darren Spruell wrote:
> Has there been any work on creating similar checks under Gentoo Linux
> yet?
Not a week ago when you asked, but I'd just added something in
ssh_get_info.nasl (which will not work until it is signed again)
> Gentoo has a nice set of utilities for package management, version
> checks, etc. They also have a structured security announcment setup,
> (GLSAs) so it should be pretty easy.
The result from qpkg -I -v is stored in the Host/Gentoo/qpkg KB entry.
If qpkg (from app-portage/gentoolkit) is not installed, the plugin
runs emerge and tries to convert the output to qpkg format.
Now, all we just have to write a nice function to check if an old
vulnerable version of a package is installed.
Something like freebsd_package.inc I suppose...
--
arboi at alussinan.org http://arboi.da.ru
FAQNOPI de fr.comp.securite http://faqnopi.da.ru/
NASL2 reference manual http://michel.arboi.free.fr/nasl2ref/
More information about the Nessus
mailing list