tiger 1:3.2.3-10 / usr / lib / tiger / systems / Linux / 2 / deb_checkadvisories

This file is indexed.

/usr/lib/tiger/systems/Linux/2/deb_checkadvisories is in tiger 1:3.2.3-10.

This file is owned by root:root, with mode 0o755.

The actual contents of the file can be viewed below. 

  1
  2
  3
  4
  5
  6
  7
  8
  9
 10
 11
 12
 13
 14
 15
 16
 17
 18
 19
 20
 21
 22
 23
 24
 25
 26
 27
 28
 29
 30
 31
 32
 33
 34
 35
 36
 37
 38
 39
 40
 41
 42
 43
 44
 45
 46
 47
 48
 49
 50
 51
 52
 53
 54
 55
 56
 57
 58
 59
 60
 61
 62
 63
 64
 65
 66
 67
 68
 69
 70
 71
 72
 73
 74
 75
 76
 77
 78
 79
 80
 81
 82
 83
 84
 85
 86
 87
 88
 89
 90
 91
 92
 93
 94
 95
 96
 97
 98
 99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
#!/bin/sh
#
#     tiger - A UN*X security checking system
#     Copyright (C) 2000, 2001 Javier Fernandez-Sanguino Peña
#
#    This program is free software; you can redistribute it and/or modify
#    it under the terms of the GNU General Public License as published by
#    the Free Software Foundation; either version 2, or (at your option)
#    any later version.
#
#    This program is distributed in the hope that it will be useful,
#    but WITHOUT ANY WARRANTY; without even the implied warranty of
#    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#    GNU General Public License for more details.
#
#     Please see the file `COPYING' for the complete copyright notice.
#
# Linux/deb_checkadvisories - 08/24/2001
#
# Check Debian advisories and determine which ones affect the system.
# Notice that the file containing the submitted Debian advisories is
# 'deb_advisories', which needs to be updated using the sources at 
# cvs.debian.org.  These are available at
# http://www.debian.org/devel/website/using_cvs
# The problem is that that script has been thought so that the maintainer
# can update the information, it's not so easy to update it yourself.
# You can use  the 'retrieve-advisories.pl' script to update it, however.
#
# If there are no updates for this file, you are probably better off
# configuring your system to use the 'check_patches' script instead. 
# This script, like cron-apt does, uses apt to download the package 
# list and determine which packages need to be updated.
# Please read the following:
# http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-keep-up-to-date
# deb_checkadvisories might probably be removed in the future or change it
# to use the RDF feed from the website.
#
# Linux/deb_checkadvisories - 08/24/2001 - jfs - initial version
# Linux/deb_checkadvisories - 04/15/2003 - jfs - Added notes to the script
#-----------------------------------------------------------------------------
TigerInstallDir="/usr/lib/tiger"


#
# Set default base directory.
# Order or preference:
#      -B option
#      TIGERHOMEDIR environment variable
#      TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}

for parm
do
   case $parm in
   -B) basedir=$2; break;;
   esac
done

#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
  echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
  exit 1
}

. $basedir/config

. $BASEDIR/initdefs

#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
  haveallcmds DPKG CAT HEAD CUT GREP UNAME || exit 1
  haveallfiles BASEDIR WORKDIR || exit 1
  haveallvars TESTLINK HOSTNAME
  
  message CONFIG init003c "" "$0: Configuration ok..."
  exit 0
}

#------------------------------------------------------------------------
echo
echo "# Checking installed packages vs Debian Security Advisories..."

haveallcmds DPKG CAT HEAD CUT GREP UNAME SED || exit 1


currentarch=`$UNAME -m | $SED -e "s/i.86/i386/"`
[ -f $CONFIG_DIR/debian_advisories ] && $CAT $CONFIG_DIR/debian_advisories | {
	while read package version arch advisory date 
	do
# TODO: only check if arch is the same otherwise we are checking more
# than once and might give out false positives
		[ "$currentarch" = "$arch" ] && {
		if [ "$Tiger_DPKG_Optimize" = "N" ]
		then
			installed=`$DPKG --status $package | $GREP Version` 
		else
			installed=`$GREP -A 10 "^Package: ${i}$" /var/lib/dpkg/status | $GREP ^Version: | $HEAD -1 | $CUT -d : -f 2 `
		fi
		if [ "$installed" != "" ] 
		then 
			installed=`echo $installed | $CUT -d : -f 2`
			[ "$version" = "$installed" ] && {
			message ERROR deb001e "" "Installed version of package $package has a security problem as described in Debian Security Advisory of date $date: \`$advisory'. Upgrade from security.debian.org"
		}
		fi
		}
	done 
}

APT Browse - Built by Thomas Orozco.