[PKGS-7381] Collect FreeBSD details for vulnerable packages

This commit is contained in:
Michael Boelen 2016-09-22 14:47:06 +02:00
parent 100afa5f5b
commit 6a7ec8795a

View File

@ -611,36 +611,32 @@
# #
# Test : PKGS-7381 # Test : PKGS-7381
# Description : Check for vulnerable FreeBSD packages (with pkg) # Description : Check for vulnerable FreeBSD packages (with pkg)
if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi # TODO : Update the repository first
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg" if [ -x /usr/sbin/pkg -a -f /var/db/pkg/vuln.xml ]; then PREQS_MET="YES"; SKIPREASON=""; else PREQS_MET="NO"; SKIPREASON="pkg tool not available, or missing vulnerability database"; fi
Register --test-no PKGS-7381 --preqs-met ${PREQS_MET} --skip-reason "${SKIPREASON}" --weight L --network NO --category security --description "Check for vulnerable FreeBSD packages with pkg"
if [ ${SKIPTEST} -eq 0 ]; then if [ ${SKIPTEST} -eq 0 ]; then
if [ -x /usr/sbin/pkg ]; then COUNT=0
FIND=`/usr/sbin/pkg audit 2> /dev/null | ${GREPBINARY} 'problem(s) in your installed packages found' | ${GREPBINARY} -v '0 problem(s) in your installed packages found'` PACKAGE_AUDIT_TOOL_FOUND=1
PACKAGE_AUDIT_TOOL_FOUND=1 PACKAGE_AUDIT_TOOL="pkg audit"
PACKAGE_AUDIT_TOOL="pkg audit" FIND=$(/usr/sbin/pkg audit -q 2> /dev/null)
if [ "${FIND}" = "" ]; then if [ $? -eq 0 ]; then
LogText "Result: pkg audit results are clean" LogText "Result: pkg audit results are clean"
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_NONE}" --color GREEN
else else
LogText "Result: ${FIND}" LogText "Result: ${FIND}"
if [ ! -z "${FIND}" ]; then
VULNERABLE_PACKAGES_FOUND=1 VULNERABLE_PACKAGES_FOUND=1
Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_FOUND}" --color YELLOW
ReportSuggestion ${TEST_NO} "Check output of pkg audit" for ITEM in ${FIND}; do
#Display --indent 2 --text "- Checking pkg audit to obtain vulnerable packages" --result "${STATUS_WARNING}" --color RED COUNT=$((COUNT + 1))
#LogText "Result: pkg audit found one or more installed packages which are vulnerable." Report "vulnerable_package[]=${ITEM}"
#ReportWarning ${TEST_NO} "Found one or more vulnerable packages." LogText "Vulnerable package: ${ITEM}"
#ReportSuggestion ${TEST_NO} "Update your system with portupgrade or other tools" AddHP 1 2
#LogText "List of vulnerable packages/version:" done
#for I in `/usr/sbin/pkg audit -F | ${GREPBINARY} "Affected package" | ${CUTBINARY} -d ' ' -f3 | ${SORTBINARY} -u`; do ReportWarning ${TEST_NO} "Found vulnerable packages" "pkg" "text:${COUNT} vulnerable packages}"
# Report "vulnerable_package[]=${I}" else
# LogText "Vulnerable package: ${I}" LogText "Result: found an exit code greater than zero, yet no output"
# # Decrease hardening points for every found vulnerable package
# AddHP 1 2
#done
fi fi
else
Display --indent 2 --text "- pkg audit not installed" --result "${STATUS_NOT_FOUND}" --color WHITE
LogText "Result: pkg audit not installed, skipping this vulnerability test."
fi fi
fi fi
# #