Enhance pkg support on FreeBSD

This commit is contained in:
Michael Boelen 2016-10-15 16:38:33 +02:00
parent f1c3c23cae
commit 22d27434c9
2 changed files with 29 additions and 23 deletions

View File

@ -184,6 +184,10 @@
pacman) PACMANFOUND=1; PACMANBINARY="${BINARY}"; LogText " Found known binary: pacman (package manager) - ${BINARY}" ;;
perl) PERLFOUND=1; PERLBINARY="${BINARY}"; PERLVERSION=`${BINARY} -V:version | sed 's/^version=//' | sed 's/;//' | xargs`; LogText "Found ${BINARY} (version ${PERLVERSION})" ;;
php) PHPFOUND=1; PHPBINARY="${BINARY}"; PHPVERSION=`${BINARY} -v | awk '{ if ($1=="PHP") { print $2 }}' | head -1`; LogText "Found known binary: php (programming language intrepreter) - ${BINARY} (version ${PHPVERSION})" ;;
pkg)
PKG_BINARY="${BINARY}"
LogText " Found known binary: pkg (software package administration) - ${BINARY}"
;;
pkg_admin) PKGADMINBINARY="${BINARY}"; LogText " Found known binary: pkg_admin (software package administration) - ${BINARY}" ;;
postconf) POSTCONFFOUND=1; POSTCONFBINARY="${BINARY}"; LogText " Found known binary: postconf (postfix configuration) - ${BINARY}" ;;
postfix) POSTFIXFOUND=1; POSTFIXBINARY="${BINARY}"; LogText " Found known binary: postfix (postfix binary) - ${BINARY}" ;;

View File

@ -652,13 +652,14 @@
# Description : Check for vulnerable FreeBSD packages (with pkg)
# Notes : Related vulnerability file is /var/db/pkg/vuln.xml
# TODO : Run this in any jail
if [ -x ${ROOTDIR}usr/sbin/pkg ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
if [ ! -z "${PKG_BINARY}" ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available"; fi
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
if [ ${SKIPTEST} -eq 0 ]; then
COUNT=0
PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL="pkg audit"
FIND=$(/usr/sbin/pkg audit > /dev/null 2>&1)
if [ -f ${ROOTDIR}var/db/pkg/vuln.xml ]; then
FIND=$(${PKG_BINARY} audit 2> /dev/null)
if [ $? -eq 0 ]; then
LogText "Result: pkg audit results are clean"
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
@ -677,13 +678,14 @@
else
LogText "Result: found an exit code greater than zero, yet no output"
fi
elif [ $? -eq 65 ]; then
LogText "Result: exited with code 65, meaning there is no vulnerability database"
ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
else
LogText "Result: exited with code $?"
ReportException "${TEST_NO}" "Found an unknown exit code for pkg audit. Please create an issue at ${PROJECT_SOURCE}"
fi
else
LogText "Result: could not find vulnerability database"
ReportWarning "${TEST_NO}" "No vulnerability database available" "pkg audit" "text:Run pkg audit -f"
fi
fi
#
#################################################################################