/usr/lib/tiger/systems/Linux/2/deb_checkadvisories is in tiger 1:3.2.3-10.
This file is owned by root:root, with mode 0o755.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 | #!/bin/sh
#
# tiger - A UN*X security checking system
# Copyright (C) 2000, 2001 Javier Fernandez-Sanguino Peña
#
# This program is free software; you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 2, or (at your option)
# any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# Please see the file `COPYING' for the complete copyright notice.
#
# Linux/deb_checkadvisories - 08/24/2001
#
# Check Debian advisories and determine which ones affect the system.
# Notice that the file containing the submitted Debian advisories is
# 'deb_advisories', which needs to be updated using the sources at
# cvs.debian.org. These are available at
# http://www.debian.org/devel/website/using_cvs
# The problem is that that script has been thought so that the maintainer
# can update the information, it's not so easy to update it yourself.
# You can use the 'retrieve-advisories.pl' script to update it, however.
#
# If there are no updates for this file, you are probably better off
# configuring your system to use the 'check_patches' script instead.
# This script, like cron-apt does, uses apt to download the package
# list and determine which packages need to be updated.
# Please read the following:
# http://www.debian.org/doc/manuals/securing-debian-howto/ch9.en.html#s-keep-up-to-date
# deb_checkadvisories might probably be removed in the future or change it
# to use the RDF feed from the website.
#
# Linux/deb_checkadvisories - 08/24/2001 - jfs - initial version
# Linux/deb_checkadvisories - 04/15/2003 - jfs - Added notes to the script
#-----------------------------------------------------------------------------
TigerInstallDir="/usr/lib/tiger"
#
# Set default base directory.
# Order or preference:
# -B option
# TIGERHOMEDIR environment variable
# TigerInstallDir installed location
#
basedir=${TIGERHOMEDIR:=$TigerInstallDir}
for parm
do
case $parm in
-B) basedir=$2; break;;
esac
done
#
# Verify that a config file exists there, and if it does
# source it.
#
[ ! -r $basedir/config ] && {
echo "--ERROR-- [init002e] No 'config' file in \`$basedir'."
exit 1
}
. $basedir/config
. $BASEDIR/initdefs
#
# If run in test mode (-t) this will verify that all required
# elements are set.
#
[ "$Tiger_TESTMODE" = 'Y' ] && {
haveallcmds DPKG CAT HEAD CUT GREP UNAME || exit 1
haveallfiles BASEDIR WORKDIR || exit 1
haveallvars TESTLINK HOSTNAME
message CONFIG init003c "" "$0: Configuration ok..."
exit 0
}
#------------------------------------------------------------------------
echo
echo "# Checking installed packages vs Debian Security Advisories..."
haveallcmds DPKG CAT HEAD CUT GREP UNAME SED || exit 1
currentarch=`$UNAME -m | $SED -e "s/i.86/i386/"`
[ -f $CONFIG_DIR/debian_advisories ] && $CAT $CONFIG_DIR/debian_advisories | {
while read package version arch advisory date
do
# TODO: only check if arch is the same otherwise we are checking more
# than once and might give out false positives
[ "$currentarch" = "$arch" ] && {
if [ "$Tiger_DPKG_Optimize" = "N" ]
then
installed=`$DPKG --status $package | $GREP Version`
else
installed=`$GREP -A 10 "^Package: ${i}$" /var/lib/dpkg/status | $GREP ^Version: | $HEAD -1 | $CUT -d : -f 2 `
fi
if [ "$installed" != "" ]
then
installed=`echo $installed | $CUT -d : -f 2`
[ "$version" = "$installed" ] && {
message ERROR deb001e "" "Installed version of package $package has a security problem as described in Debian Security Advisory of date $date: \`$advisory'. Upgrade from security.debian.org"
}
fi
}
done
}
|