local security checks for Gentoo Linux
David Maciejak
dmaciejak at exaprobe.com
Mon Aug 16 04:55:32 EDT 2004
> -----Message d'origine-----
> De : nessus-bounces at list.nessus.org [mailto:nessus-
> bounces at list.nessus.org] De la part de Michel Arboi
> Envoyé : dimanche 15 août 2004 18:40
> À : Darren Spruell
> Cc : nessus at list.nessus.org
> Objet : Re: local security checks for Gentoo Linux
>
> On Mon Aug 09 2004 at 16:24, Darren Spruell wrote:
>
> > Has there been any work on creating similar checks under Gentoo Linux
> > yet?
>
> Not a week ago when you asked, but I'd just added something in
> ssh_get_info.nasl (which will not work until it is signed again)
>
> > Gentoo has a nice set of utilities for package management, version
> > checks, etc. They also have a structured security announcment setup,
> > (GLSAs) so it should be pretty easy.
>
> The result from qpkg -I -v is stored in the Host/Gentoo/qpkg KB entry.
> If qpkg (from app-portage/gentoolkit) is not installed, the plugin
> runs emerge and tries to convert the output to qpkg format.
>
It would be better to exec
find /var/db/pkg/ -mindepth 2 -maxdepth 2 -printf "%P "
in this case we don’t need gentoolkit
> Now, all we just have to write a nice function to check if an old
> vulnerable version of a package is installed.
> Something like freebsd_package.inc I suppose...
Yes, just a few ligns to modify
David Maciejak
More information about the Nessus
mailing list