1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
|
#!/bin/sh
################################################################################
# #
# Copyright (C) 2008-2012 LABBE Corentin <corentin.labbe@geomatys.fr>
#
# YASAT is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# YASAT is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with YASAT. If not, see <http://www.gnu.org/licenses/>.
# #
################################################################################
Title "Packages"
if [ "${LIST_PKG}x" = "x" ]
then
echo "Unknown packaging , i'll try autodetect"
#for the moment no autodetect :)
return 0;
fi
#debian apt-get
if [ "$LIST_PKG" = "apt-get" ]
then
echo "Check packages with apt-get"
#TODO check if we are stable/release specified in source.list
#TODO check if we use official debian/ubuntu or other external mirror (usefull)??? (check gpg signature)
NB_MAJ_SECU=`apt-get -s upgrade | grep '^Inst' |grep -i security | wc -l`
if [ $NB_MAJ_SECU -ge 1 ]
then
Display --indent 2 --text "Some security upgrade ar not done" --result WARNING --color RED
else
Display --indent 2 --text "No security upgrade" --result OK --color GREEN
fi
#Check for useless packages
if [ -e "${PLUGINS_REP}/packages.data" ]
then
echo "Check useless packages"
LISTE_PKG_INSTALLED="`dpkg -l | grep '^ii' | sed 's/^ii[[:space:]]*//g' | cut -d\ -f1`"
grep '^DEBIAN' $PLUGINS_REP/packages.data |
while read line
do
if [ ! -z "`echo $LISTE_PKG_INSTALLED | grep ^${line}`" ]
then
Display --indent 2 --text "Possible useless packages ${line}" --result WARNING --color ORANGE --advice PACKAGES_USELESS
fi
done
fi
return 0;
fi
#BSD pkg_info + portaudit
#only freebsd have portaudit
if [ "$OS_TYPE" = 'BSD' ]
then
portaudit 2>> $ERROR_OUTPUT_FILE > /dev/null
if [ $? -eq 127 ]
then
Display --indent 2 --text "portaudit not found" --result NOTFOUND --color RED --advice PACKAGES_NO_PORTAUDIT
return 1
fi
Display --indent 2 --text "Check PKG with portaudit" --result FOUND --color GREEN
portaudit
if [ $? -eq 2 ]
then
Display --indent 2 --text "Portaudit" --result TOOOLD --color ORANGE --advice PACKAGES_PORTAUDIT_TOOOLD
fi
fi
if [ "$OS" = 'OpenBSD' ]
then
pkg_add -unx
fi
#Gentoo glsa-check + emerge
if [ "$LIST_PKG" = "emerge" ]
then
echo "Check PKG with glsa"
glsa-check -v -t all
if [ $? -eq 0 ]
then
Display --indent 2 --text "No security upgrade" --result GOOD --color GREEN
else
Display --indent 2 --text "Some security upgrade are not done" --result WARNING --color RED
fi
return 0;
fi
#Red Hat
if [ "$LINUX_VERSION" = 'Red Hat' ]
then
#check rhnsd
chkconfig rhnsd
if [ $? = 0 ]
then
Display --indent 2 --text "rhnsd" --result ENABLED --color GREEN
else
Display --indent 2 --text "rhnsd" --result DISABLED --color RED --advice PACKAGE_REDHAT_RHNSD_DISABLED
fi
#TODO check yum-updatesd.conf
fi
#RedHat rpm -qa
if [ "$LIST_PKG" = "rpm" ]
then
echo "Check PKG with rpm"
LISTE_PKG_INSTALLED="`rpm -qa`"
#TODO check packages with rpm
grep '^REDHAT' $PLUGINS_REP/packages.data | cut -d\, -f2 |
while read line
do
if [ ! -z "`echo $LISTE_PKG_INSTALLED | grep -i [[:space:]]${line}`" ]
then
Display --indent 2 --text "Possible useless packages ${line}" --result WARNING --color ORANGE --advice PACKAGES_USELESS
fi
done
return 0;
fi
#solaris pkgadm?
return 0;
|
