aboutsummaryrefslogtreecommitdiffstats
path: root/security/portaudit
diff options
context:
space:
mode:
authoreik <eik@FreeBSD.org>2004-03-11 19:11:59 +0800
committereik <eik@FreeBSD.org>2004-03-11 19:11:59 +0800
commit7b0fd02dc061a1f332c5b1dd651e7e8905ee10c3 (patch)
tree426976fa120aeb9a2d5e173cfc92ca45fe688eb6 /security/portaudit
parentc52e2984fc85f2d3b70dbc20f3512e1dd6749f25 (diff)
downloadfreebsd-ports-gnome-7b0fd02dc061a1f332c5b1dd651e7e8905ee10c3.tar.gz
freebsd-ports-gnome-7b0fd02dc061a1f332c5b1dd651e7e8905ee10c3.tar.zst
freebsd-ports-gnome-7b0fd02dc061a1f332c5b1dd651e7e8905ee10c3.zip
Update to 0.3.
Since we are using the official VuXML database the auditing should be pretty complete. - mention web page - add more mirrors, disabling .ru mirror (too much lag) - allow combined options in portaudit shell script - add sample configuration file - use absolute paths for binaries, to ease use in crontab scripts [1] - correct type in man page [2] PR: 64005 [2] Submitted by: Tomasz Pilat <poncki@axelspringer.com.pl> [1] Nathan Dove <njdove@wafer.sandia.gov> [2]
Diffstat (limited to 'security/portaudit')
-rw-r--r--security/portaudit/Makefile10
-rw-r--r--security/portaudit/files/portaudit-cmd.sh75
-rw-r--r--security/portaudit/files/portaudit.119
-rw-r--r--security/portaudit/files/portaudit.conf24
-rw-r--r--security/portaudit/files/portaudit.functions68
-rw-r--r--security/portaudit/pkg-deinstall17
-rw-r--r--security/portaudit/pkg-descr5
-rw-r--r--security/portaudit/pkg-install12
-rw-r--r--security/portaudit/pkg-plist1
9 files changed, 145 insertions, 86 deletions
diff --git a/security/portaudit/Makefile b/security/portaudit/Makefile
index 8b186c098bf3..c574bff71052 100644
--- a/security/portaudit/Makefile
+++ b/security/portaudit/Makefile
@@ -6,7 +6,7 @@
#
PORTNAME= portaudit
-PORTVERSION= 0.2.1
+PORTVERSION= 0.3
CATEGORIES= security
DISTFILES=
@@ -36,17 +36,18 @@ RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
.include <bsd.port.pre.mk>
-.if ${OSVERSION} < 420001 || ${OSVERSION} >= 500000 && ${OSVERSION} < 500014
-IGNORE= "You need tar with bzip support to run portaudit"
+.if defined(BZIP2DEPENDS)
+RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2
.endif
do-build:
-.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1
+.for f in portaudit-cmd.sh portaudit.sh fetchaudit.sh portaudit.functions portaudit.1 portaudit.conf
@${SED} -e "s|%%DATADIR%%|${DATADIR}|g" \
-e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \
-e "s|%%PREFIX%%|${PREFIX}|g" \
-e "s|%%LOCALBASE%%|${LOCALBASE}|g" \
-e "s|%%PORTVERSION%%|${PORTVERSION}|g" \
+ -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \
${FILESDIR}/${f} > ${WRKDIR}/${f}
.endfor
@@ -66,6 +67,7 @@ do-install:
@${INSTALL_SCRIPT} ${WRKDIR}/fetchaudit.sh ${PERIODICDIR}/daily/330.fetchaudit
@${MKDIR} ${DATADIR}
@${INSTALL_DATA} ${WRKDIR}/portaudit.functions ${DATADIR}
+ @${INSTALL_DATA} ${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample
@${MKDIR} ${DATABASEDIR}
post-install:
diff --git a/security/portaudit/files/portaudit-cmd.sh b/security/portaudit/files/portaudit-cmd.sh
index 76b43ec458ae..7b48e0be3888 100644
--- a/security/portaudit/files/portaudit-cmd.sh
+++ b/security/portaudit/files/portaudit-cmd.sh
@@ -34,34 +34,57 @@
. %%DATADIR%%/portaudit.functions
portaudit_confs
+opt_audit=false
+opt_version=false
+opt_dbversion=false
+opt_fetch=false
+opt_quiet=false
+
if [ $# -eq 0 ] ; then
- portaudit_prerequisites
- audit_installed || true
+ opt_audit=true
fi
-while [ $# -gt 0 ]; do
- case "$1" in
- -a)
- portaudit_prerequisites
- audit_installed || true
- ;;
- -V)
- echo "portaudit version %%PORTVERSION%%"
- ;;
- -d)
- if [ ! -f "${portaudit_dir}/${portaudit_filename}" ]; then
- echo "portaudit: database missing. run \`portaudit -F' to update."
- exit 2
- fi
- if ! checksum_auditfile; then
- echo "portaudit: database corrupt."
- exit 2
- fi
- echo "database created: `getcreated_auditfile`"
- ;;
- -F)
- fetch_auditfile || echo "failed."
- ;;
+while getopts aVdFq opt; do
+ case "$opt" in
+ a)
+ opt_audit=true;;
+ d)
+ opt_dbversion=true;;
+ F)
+ opt_fetch=true;;
+ q)
+ opt_quiet=true;;
+ V)
+ opt_version=true;;
+ ?)
+ echo "Usage: $0 -adFqV"
+ exit 2;;
esac
- shift
done
+
+shift $(($OPTIND - 1))
+
+if $opt_version; then
+ echo "portaudit version %%PORTVERSION%%"
+fi
+
+if $opt_fetch; then
+ fetch_auditfile || echo "failed."
+fi
+
+if $opt_dbversion; then
+ if [ ! -f "${portaudit_dir}/${portaudit_filename}" ]; then
+ echo "portaudit: database missing. run \`portaudit -F' to update."
+ exit 2
+ fi
+ if ! checksum_auditfile; then
+ echo "portaudit: database corrupt."
+ exit 2
+ fi
+ echo "database created: `getcreated_auditfile`"
+fi
+
+if $opt_audit; then
+ portaudit_prerequisites
+ audit_installed || true
+fi
diff --git a/security/portaudit/files/portaudit.1 b/security/portaudit/files/portaudit.1
index c5e6e949d18b..4950ff868b2f 100644
--- a/security/portaudit/files/portaudit.1
+++ b/security/portaudit/files/portaudit.1
@@ -28,7 +28,7 @@
.\"
.\" $FreeBSD$
.\"
-.Dd February 21, 2004
+.Dd March 11, 2004
.Os FreeBSD
.Dt PORTAUDIT \&1 "FreeBSD ports collection"
.
@@ -60,12 +60,12 @@ to check if security advisories for any installed packages exist. Note that a
current ports tree (or any local copy of the ports tree) is not required for
operation.
.Pp
-This package also installs two scripts into %%PREFIX%%/periodic that regularly
-update this database and include the report of vulnerable packages in the
-daily security report.
+This package also installs two scripts into %%PREFIX%%/etc/periodic that
+regularly update this database and include the report of vulnerable packages
+in the daily security report.
.Pp
If you have a vulnerable package installed, you are advised to update or
-deinstalled it immediately.
+deinstall it immediately.
.
.
.Sh OPTIONS
@@ -110,15 +110,16 @@ Print a vulnerability report for all installed packages:
.Xr ports 7 ,
.Xr periodic 8 ,
.Xr periodic.conf 5 ,
-.Li Aq http://www.freebsd.org/security/#adv .
+.Li Aq http://people.freebsd.org/~eik/portaudit/ ,
+.Li Aq http://www.freebsd.org/security/#adv ,
.Li Aq http://www.vuxml.org/ .
.
.
.Sh CAVEATS
.
-.Nm
-is in develpoment and should currently not be relied upon
-as an extensive security auditing tool.
+The format of
+.Pa %%DATABASEDIR%%/auditfile.tbz
+might change.
.
.
.Sh BUGS
diff --git a/security/portaudit/files/portaudit.conf b/security/portaudit/files/portaudit.conf
new file mode 100644
index 000000000000..612d86357bd7
--- /dev/null
+++ b/security/portaudit/files/portaudit.conf
@@ -0,0 +1,24 @@
+#
+# Sample configuration file for portaudit(1)
+#
+# copy to %%PREFIX%%/etc/portaudit.conf
+#
+# $FreeBSD$
+#
+
+# specify a proxy if needed, see fetch(3)
+#FETCH_ENV="FTP_PROXY=http://ftp.proxy.sample/ HTTP_PROXY=http://http.proxy.sample:80/"
+
+# default fetch command
+#FETCH_CMD="/usr/bin/fetch -1am"
+
+# uncoment to use passive ftp, see fetch(1)
+#FETCH_BEFORE_ARGS="-p"
+
+#FETCH_AFTER_ARGS=
+
+# specify a local mirror here
+#MASTER_SITES="http://my.mirror.sample/path/portaudit/"
+
+# uncomment to prefer the UK mirror, jp, se, tw and uk are available
+#MASTER_SORT_REGEX="\.uk[.\/]"
diff --git a/security/portaudit/files/portaudit.functions b/security/portaudit/files/portaudit.functions
index 36f10289dd1b..93437a259130 100644
--- a/security/portaudit/files/portaudit.functions
+++ b/security/portaudit/files/portaudit.functions
@@ -36,25 +36,29 @@ portaudit_confs()
portaudit_dir=${portaudit_dir:-"%%DATABASEDIR%%"}
portaudit_filename=${portaudit_filename:-"auditfile.tbz"}
- FETCH_ENV=
- FETCH_CMD="fetch -1am"
- FETCH_BEFORE_ARGS=
- FETCH_AFTER_ARGS=
+ FETCH_ENV=${FETCH_ENV:-}
+ FETCH_CMD=${FETCH_CMD:-"/usr/bin/fetch -1am"}
+ FETCH_BEFORE_ARGS=${FETCH_BEFORE_ARGS:-}
+ FETCH_AFTER_ARGS=${FETCH_AFTER_ARGS:-}
- MASTER_SITE_LOCAL="
- ${MASTER_SITE_LOCAL}
+ MASTER_SITES=${MASTER_SITES:-"
ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
ftp://ftp.se.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.dk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp1.ro.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
ftp://ftp.uk.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- ftp://ftp.ru.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ ftp://ftp.at.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
ftp://ftp.jp.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
ftp://ftp.tw.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
- "
+ http://public.planetmirror.com/pub/FreeBSD/ports/local-distfiles/%SUBDIR%/
+ "}
+ MASTER_SITE_SUBDIR=${MASTER_SITE_SUBDIR:-"eik"}
- MASTER_SITE_SUBDIR=eik
+ MASTER_SITE_BACKUP=${MASTER_SITE_BACKUP:-"http://people.freebsd.org/~eik/portaudit/"}
#MASTER_SORT_REGEX="\.uk[.\/]"
- MASTER_SORT_REGEX="#"
+ MASTER_SORT_REGEX=${MASTER_SORT_REGEX:-"#"}
if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
. %%PREFIX%%/etc/portaudit.conf
@@ -63,27 +67,28 @@ portaudit_confs()
extract_auditfile()
{
- tar -jxOf "${portaudit_dir}/${portaudit_filename}" auditfile
+ %%BZIP2_CMD%% -dc -- "${portaudit_dir}/${portaudit_filename}" | \
+ /usr/bin/tar -xOf - auditfile
}
checksum_auditfile()
{
chksum1=`extract_auditfile |
- sed -nEe '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'`
- chksum2=`extract_auditfile | sed -e '$d' | md5`
+ /usr/bin/sed -nEe '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'`
+ chksum2=`extract_auditfile | /usr/bin/sed -e '$d' | /sbin/md5`
[ "${chksum1}" = "${chksum2}" ];
}
getcreated_auditfile()
{
extract_auditfile |
- sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'
+ /usr/bin/sed -nEe '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p'
}
checkexpiry_auditfile()
{
created=`getcreated_auditfile`
- expiry=`date -u -v-$1d '+%Y%m%d'`
+ expiry=`/bin/date -u -v-$1d '+%Y%m%d'`
[ "${created}" -ge "${expiry}" ];
}
@@ -126,7 +131,7 @@ portaudit_prerequisites()
audit_installed()
{
- extract_auditfile | awk -F\| "
+ extract_auditfile | /usr/bin/awk -F\| "
BEGIN { vul=0 }
/^(#|\$)/ { next }
{
@@ -153,15 +158,18 @@ audit_installed()
fetch_locations()
{
# site sort order is not overly smart
- echo "${MASTER_SITE_LOCAL}" | sed -e 'y/ /\n\n/' | awk "
+ echo ${MASTER_SITES} | /usr/bin/tr -s ' \t' '\n' | /usr/bin/awk "
BEGIN { IGNORECASE=1; srand() }
/^$/ { next }
{
if (\$0 ~ /${MASTER_SORT_REGEX}/ ) rank=0; else rank=rand()
gsub(/%SUBDIR%/, \"${MASTER_SITE_SUBDIR}\")
- print rank \"\\t\" \$0
+ print \$0 \"\\t\" rank
}
- " | sort -n | cut -f 2
+ " | /usr/bin/sort -n -k 2 | /usr/bin/cut -f 1
+ if [ -n "${MASTER_SITE_BACKUP}" ]; then
+ echo "${MASTER_SITE_BACKUP}"
+ fi
}
fetch_auditfile()
@@ -169,22 +177,25 @@ fetch_auditfile()
rc=1
if [ ! -d "${portaudit_dir}" ]; then
- mkdir -p "${portaudit_dir}"
+ if ! /bin/mkdir -p "${portaudit_dir}"; then
+ echo "Couldn't create ${portaudit_dir}, try running portaudit -F as root"
+ return 1
+ fi
fi
if [ ! -w "${portaudit_dir}" ]; then
- echo "Couldn't write to ${portaudit_dir}"
+ echo "Couldn't write to ${portaudit_dir}, try running portaudit -F as root"
return 1
fi
cd "${portaudit_dir}"
if [ -r "${portaudit_filename}" ]; then
- cp "${portaudit_filename}" "${portaudit_filename}.old"
+ /bin/cp "${portaudit_filename}" "${portaudit_filename}.old"
fi
for site in `fetch_locations`; do
echo ">> Attempting to fetch from ${site}."
- args="${site}/${portaudit_filename}"
- env ${FETCH_ENV} ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${args} ${FETCH_AFTER_ARGS}
+ args="${site}${portaudit_filename}"
+ /usr/bin/env ${FETCH_ENV} ${FETCH_CMD} ${FETCH_BEFORE_ARGS} ${args} ${FETCH_AFTER_ARGS}
if [ $? -ne 0 ]; then
echo "Couldn't fetch database."
elif [ ! -f "${portaudit_dir}/${portaudit_filename}" ] ; then
@@ -193,6 +204,7 @@ fetch_auditfile()
echo "fetched database corrupt."
elif ! checkexpiry_auditfile 7; then
echo "fetched database too old."
+ rc=0
else
echo "new database installed."
rc=0
@@ -201,12 +213,14 @@ fetch_auditfile()
done
if [ -f "${portaudit_filename}.old" ]; then
if [ ${rc} -eq 0 ]; then
- rm -f "${portaudit_filename}.old"
+ /bin/rm -f "${portaudit_filename}.old"
else
- mv -f "${portaudit_filename}.old" "${portaudit_filename}"
+ /bin/mv -f "${portaudit_filename}.old" "${portaudit_filename}"
echo "old database restored."
fi
fi
- chmod a=r "${portaudit_filename}"
+ if [ -f "${portaudit_filename}" ]; then
+ /bin/chmod a=r "${portaudit_filename}"
+ fi
return ${rc}
}
diff --git a/security/portaudit/pkg-deinstall b/security/portaudit/pkg-deinstall
index 8aebe9994cb0..7e4ebf7c68c4 100644
--- a/security/portaudit/pkg-deinstall
+++ b/security/portaudit/pkg-deinstall
@@ -3,16 +3,15 @@
# $FreeBSD$
#
-ECHO_CMD=echo
-
case $2 in
POST-DEINSTALL)
- ${ECHO_CMD}
- ${ECHO_CMD} "The portaudit package has been deleted."
- ${ECHO_CMD} "If you're *not* upgrading and won't be using"
- ${ECHO_CMD} "it any longer, you may want to remove the"
- ${ECHO_CMD} "portaudit database:"
- ${ECHO_CMD}
- ${ECHO_CMD} " rm -Rf %%DATABASEDIR%%"
+ echo
+ echo "The portaudit package has been deleted."
+ echo "If you're *not* upgrading and won't be using"
+ echo "it any longer, you may want to remove the"
+ echo "portaudit database:"
+ echo
+ echo " rm -Rf %%DATABASEDIR%%"
+ echo
;;
esac
diff --git a/security/portaudit/pkg-descr b/security/portaudit/pkg-descr
index cab77aaf3fbd..9dd30dd115f6 100644
--- a/security/portaudit/pkg-descr
+++ b/security/portaudit/pkg-descr
@@ -4,9 +4,6 @@ database of published security vulnerabilities.
After installation it will update this security database automatically and
include its reports in the output of the daily security run.
-Since this system is in development it can currently not be relied upon as an
-extensive security auditing tool.
-
If you have found a vulnerability not listed in the database, please contact
the FreeBSD Security Officer <security-officer@FreeBSD.org>. Refer to
@@ -14,6 +11,6 @@ the FreeBSD Security Officer <security-officer@FreeBSD.org>. Refer to
for more information.
-WWW: http://sourceforge.net/projects/portaudit/
+WWW: http://people.freebsd.org/~eik/portaudit/
Oliver Eikemeier <eik@FreeBSD.org>
diff --git a/security/portaudit/pkg-install b/security/portaudit/pkg-install
index 56b66fd5592d..485fe2c991cb 100644
--- a/security/portaudit/pkg-install
+++ b/security/portaudit/pkg-install
@@ -3,16 +3,14 @@
# $FreeBSD$
#
-ECHO_CMD=echo
-
case $2 in
POST-INSTALL)
if [ ! -f "%%DATABASEDIR%%/auditfile.tbz" ]; then
- ${ECHO_CMD}
- ${ECHO_CMD} "===> To check your installed ports for known vulnerabilities now do:"
- ${ECHO_CMD}
- ${ECHO_CMD} " %%PREFIX%%/bin/portaudit -F -a"
- ${ECHO_CMD}
+ echo
+ echo "===> To check your installed ports for known vulnerabilities now do:"
+ echo
+ echo " %%PREFIX%%/bin/portaudit -F -a"
+ echo
fi
;;
esac
diff --git a/security/portaudit/pkg-plist b/security/portaudit/pkg-plist
index 4262caf1153c..901547d3196e 100644
--- a/security/portaudit/pkg-plist
+++ b/security/portaudit/pkg-plist
@@ -1,4 +1,5 @@
bin/portaudit
+etc/portaudit.conf.sample
%%PERIODICDIR%%/security/910.portaudit
%%PERIODICDIR%%/daily/330.fetchaudit
%%DATADIR%%/portaudit.functions