fix man page nits,
modify the vulnerability report depending on -q/-v (experimental) PR: 69935, 68942 Submitted by: Chris Pepper <pepper@reppep.com>, Johan Karlsson <k@numeri.campus.luth.se>
This commit is contained in:
Oliver Eikemeier
parent
e7ffe66e0d
commit
40f8b91153
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=116131
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
PORTNAME= portaudit
|
||||
PORTVERSION= 0.5.1
|
||||
PORTVERSION= 0.5.2
|
||||
CATEGORIES= security
|
||||
DISTFILES=
|
||||
|
||||
@ -38,9 +38,15 @@ SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if ${OSVERSION} < 492000 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120
|
||||
.if !defined(DFOSVERSION)
|
||||
.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120
|
||||
RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
|
||||
.endif
|
||||
.else
|
||||
.if ${DFOSVERSION} < 110000
|
||||
RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
|
||||
.endif
|
||||
.endif
|
||||
|
||||
.if defined(BZIP2DEPENDS)
|
||||
RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2
|
||||
|
||||
@ -127,7 +127,7 @@ audit_installed()
|
||||
{
|
||||
local rc=0
|
||||
|
||||
extract_auditfile | awk -F\| '
|
||||
extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
BEGIN { vul=0 }
|
||||
/^(#|\$)/ { next }
|
||||
$2 !~ /'"$opt_restrict"'/ { next }
|
||||
@ -135,12 +135,7 @@ audit_installed()
|
||||
cmd="'"$pkg_info"' -E \"" $1 "\""
|
||||
while((cmd | getline pkg) > 0) {
|
||||
vul++
|
||||
split($2, ref, / /)
|
||||
print "Affected package: " pkg
|
||||
print "Type of problem: " $3 "."
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
print_affected(pkg)
|
||||
}
|
||||
close(cmd)
|
||||
}
|
||||
@ -182,7 +177,7 @@ audit_file()
|
||||
;;
|
||||
esac
|
||||
|
||||
extract_auditfile | awk -F\| '
|
||||
extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
BEGIN { vul=0 }
|
||||
/^(#|\$)/ { next }
|
||||
{
|
||||
@ -191,13 +186,7 @@ audit_file()
|
||||
if ($2 !~ /'"$opt_restrict"'/)
|
||||
next
|
||||
vul++
|
||||
split($2, ref, / /)
|
||||
split(pkg, p)
|
||||
print "Affected package: " p[1]
|
||||
print "Type of problem: " $3 "."
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
print_affected(pkg)
|
||||
}
|
||||
close(cmd)
|
||||
}
|
||||
@ -233,14 +222,9 @@ audit_args()
|
||||
{ print }
|
||||
' | $pkg_version -T "$1" -`; then
|
||||
VULCNT=$(($VULCNT+1))
|
||||
echo "$VLIST" | awk -F\| '{
|
||||
print "Affected package: '$1' (matched by " $1 ")"
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}'
|
||||
echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
{ print_affected("'"$1"'") }
|
||||
'
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
@ -271,14 +255,9 @@ audit_cwd()
|
||||
$2 !~ /'"$opt_restrict"'/ { next }
|
||||
{ print }
|
||||
' | $pkg_version -T "$PKGNAME" -`; then
|
||||
echo "$VLIST" | awk -F\| '{
|
||||
print "Affected package: '$PKGNAME' (matched by " $1 ")"
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}'
|
||||
echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
{ print_affected("'"$PKGNAME"'") }
|
||||
'
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
@ -375,7 +354,7 @@ while getopts aCdf:Fqr:vVX: opt; do
|
||||
X)
|
||||
opt_expiry="$OPTARG";;
|
||||
?)
|
||||
echo "Usage: $0 -aCdF [-f file] [pkg-name ...]"
|
||||
echo "Usage: $0 -aCdF [-X days] [-r pattern] [-f file] [pkg-name ...]"
|
||||
exit 2;;
|
||||
esac
|
||||
done
|
||||
@ -419,6 +398,38 @@ fi
|
||||
|
||||
prerequisites_checked=false
|
||||
|
||||
if $opt_quiet; then
|
||||
PRINTAFFECTED_AWK='
|
||||
function print_affected(apkg) {
|
||||
print apkg
|
||||
}
|
||||
'
|
||||
elif $opt_verbose; then
|
||||
PRINTAFFECTED_AWK='
|
||||
function print_affected(apkg) {
|
||||
split(apkg, thepkg)
|
||||
print "Affected package: " thepkg[1] " (matched by " $1 ")"
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}
|
||||
'
|
||||
else
|
||||
PRINTAFFECTED_AWK='
|
||||
function print_affected(apkg) {
|
||||
split(apkg, thepkg)
|
||||
print "Affected package: " thepkg[1]
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}
|
||||
'
|
||||
fi
|
||||
|
||||
if $opt_audit; then
|
||||
portaudit_prerequisites
|
||||
audit_installed || ret=$?
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd June 29, 2004
|
||||
.Dd August 12, 2004
|
||||
.Os
|
||||
.Dt PORTAUDIT \&1 "FreeBSD ports collection"
|
||||
.
|
||||
@ -54,7 +54,7 @@
|
||||
.Nm
|
||||
checks installed packages for known vulnerabilities and generates reports
|
||||
including references to security advisories.
|
||||
Its audience are system administrators or individual users.
|
||||
Its intended audience is system administrators and individual users.
|
||||
.Pp
|
||||
.Nm
|
||||
uses a database maintained by port committers and the FreeBSD security team
|
||||
@ -103,6 +103,10 @@ Test whether
|
||||
.Ar pkg-name
|
||||
is listed in the audit database.
|
||||
.El
|
||||
.Pp
|
||||
If no options are given,
|
||||
.Nm
|
||||
prints a vulnerability report for all installed packages.
|
||||
.
|
||||
.
|
||||
.Sh EXAMPLES
|
||||
@ -117,6 +121,10 @@ Print a vulnerability report for all installed packages:
|
||||
.Pp
|
||||
.Dl "portaudit -a"
|
||||
.It
|
||||
Print a vulnerability report for a remote machine:
|
||||
.Pp
|
||||
.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit"
|
||||
.It
|
||||
Print a vulnerability report for the local INDEX:
|
||||
.Pp
|
||||
.Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%"
|
||||
|
||||
@ -6,7 +6,7 @@
|
||||
#
|
||||
|
||||
PORTNAME= portaudit
|
||||
PORTVERSION= 0.5.1
|
||||
PORTVERSION= 0.5.2
|
||||
CATEGORIES= security
|
||||
DISTFILES=
|
||||
|
||||
@ -38,9 +38,15 @@ SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \
|
||||
|
||||
.include <bsd.port.pre.mk>
|
||||
|
||||
.if ${OSVERSION} < 492000 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120
|
||||
.if !defined(DFOSVERSION)
|
||||
.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120
|
||||
RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
|
||||
.endif
|
||||
.else
|
||||
.if ${DFOSVERSION} < 110000
|
||||
RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel
|
||||
.endif
|
||||
.endif
|
||||
|
||||
.if defined(BZIP2DEPENDS)
|
||||
RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2
|
||||
|
||||
@ -127,7 +127,7 @@ audit_installed()
|
||||
{
|
||||
local rc=0
|
||||
|
||||
extract_auditfile | awk -F\| '
|
||||
extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
BEGIN { vul=0 }
|
||||
/^(#|\$)/ { next }
|
||||
$2 !~ /'"$opt_restrict"'/ { next }
|
||||
@ -135,12 +135,7 @@ audit_installed()
|
||||
cmd="'"$pkg_info"' -E \"" $1 "\""
|
||||
while((cmd | getline pkg) > 0) {
|
||||
vul++
|
||||
split($2, ref, / /)
|
||||
print "Affected package: " pkg
|
||||
print "Type of problem: " $3 "."
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
print_affected(pkg)
|
||||
}
|
||||
close(cmd)
|
||||
}
|
||||
@ -182,7 +177,7 @@ audit_file()
|
||||
;;
|
||||
esac
|
||||
|
||||
extract_auditfile | awk -F\| '
|
||||
extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
BEGIN { vul=0 }
|
||||
/^(#|\$)/ { next }
|
||||
{
|
||||
@ -191,13 +186,7 @@ audit_file()
|
||||
if ($2 !~ /'"$opt_restrict"'/)
|
||||
next
|
||||
vul++
|
||||
split($2, ref, / /)
|
||||
split(pkg, p)
|
||||
print "Affected package: " p[1]
|
||||
print "Type of problem: " $3 "."
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
print_affected(pkg)
|
||||
}
|
||||
close(cmd)
|
||||
}
|
||||
@ -233,14 +222,9 @@ audit_args()
|
||||
{ print }
|
||||
' | $pkg_version -T "$1" -`; then
|
||||
VULCNT=$(($VULCNT+1))
|
||||
echo "$VLIST" | awk -F\| '{
|
||||
print "Affected package: '$1' (matched by " $1 ")"
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}'
|
||||
echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
{ print_affected("'"$1"'") }
|
||||
'
|
||||
fi
|
||||
;;
|
||||
esac
|
||||
@ -271,14 +255,9 @@ audit_cwd()
|
||||
$2 !~ /'"$opt_restrict"'/ { next }
|
||||
{ print }
|
||||
' | $pkg_version -T "$PKGNAME" -`; then
|
||||
echo "$VLIST" | awk -F\| '{
|
||||
print "Affected package: '$PKGNAME' (matched by " $1 ")"
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}'
|
||||
echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"'
|
||||
{ print_affected("'"$PKGNAME"'") }
|
||||
'
|
||||
return 1
|
||||
fi
|
||||
}
|
||||
@ -375,7 +354,7 @@ while getopts aCdf:Fqr:vVX: opt; do
|
||||
X)
|
||||
opt_expiry="$OPTARG";;
|
||||
?)
|
||||
echo "Usage: $0 -aCdF [-f file] [pkg-name ...]"
|
||||
echo "Usage: $0 -aCdF [-X days] [-r pattern] [-f file] [pkg-name ...]"
|
||||
exit 2;;
|
||||
esac
|
||||
done
|
||||
@ -419,6 +398,38 @@ fi
|
||||
|
||||
prerequisites_checked=false
|
||||
|
||||
if $opt_quiet; then
|
||||
PRINTAFFECTED_AWK='
|
||||
function print_affected(apkg) {
|
||||
print apkg
|
||||
}
|
||||
'
|
||||
elif $opt_verbose; then
|
||||
PRINTAFFECTED_AWK='
|
||||
function print_affected(apkg) {
|
||||
split(apkg, thepkg)
|
||||
print "Affected package: " thepkg[1] " (matched by " $1 ")"
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}
|
||||
'
|
||||
else
|
||||
PRINTAFFECTED_AWK='
|
||||
function print_affected(apkg) {
|
||||
split(apkg, thepkg)
|
||||
print "Affected package: " thepkg[1]
|
||||
print "Type of problem: " $3 "."
|
||||
split($2, ref, / /)
|
||||
for (r in ref)
|
||||
print "Reference: <" ref[r] ">"
|
||||
print ""
|
||||
}
|
||||
'
|
||||
fi
|
||||
|
||||
if $opt_audit; then
|
||||
portaudit_prerequisites
|
||||
audit_installed || ret=$?
|
||||
|
||||
@ -28,7 +28,7 @@
|
||||
.\"
|
||||
.\" $FreeBSD$
|
||||
.\"
|
||||
.Dd June 29, 2004
|
||||
.Dd August 12, 2004
|
||||
.Os
|
||||
.Dt PORTAUDIT \&1 "FreeBSD ports collection"
|
||||
.
|
||||
@ -54,7 +54,7 @@
|
||||
.Nm
|
||||
checks installed packages for known vulnerabilities and generates reports
|
||||
including references to security advisories.
|
||||
Its audience are system administrators or individual users.
|
||||
Its intended audience is system administrators and individual users.
|
||||
.Pp
|
||||
.Nm
|
||||
uses a database maintained by port committers and the FreeBSD security team
|
||||
@ -103,6 +103,10 @@ Test whether
|
||||
.Ar pkg-name
|
||||
is listed in the audit database.
|
||||
.El
|
||||
.Pp
|
||||
If no options are given,
|
||||
.Nm
|
||||
prints a vulnerability report for all installed packages.
|
||||
.
|
||||
.
|
||||
.Sh EXAMPLES
|
||||
@ -117,6 +121,10 @@ Print a vulnerability report for all installed packages:
|
||||
.Pp
|
||||
.Dl "portaudit -a"
|
||||
.It
|
||||
Print a vulnerability report for a remote machine:
|
||||
.Pp
|
||||
.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit"
|
||||
.It
|
||||
Print a vulnerability report for the local INDEX:
|
||||
.Pp
|
||||
.Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%"
|
||||
|
||||
Loading…
Reference in New Issue
Block a user