[小技巧]用glsa-check檢查系統有無安全漏洞

Moderator: Forums Team

Post Reply
pahud
24hr 義工
Posts: 1251
Joined: Tue Nov 26, 2002 10:22 pm
Contact:

[小技巧]用glsa-check檢查系統有無安全漏洞

Post by pahud »

Code: Select all

# glsa-check --list 2>/dev/null | grep "\[N\]"
[N] indicates that the system might be affected.
200401-01 [N] Linux kernel do_mremap() local privilege escalation vulnerability ( sys-kernel/alpha-sources sys-kernel/ck-sources sys-kernel/hppa-sources ... )
200403-02 [N] Linux kernel do_mremap local privilege escalation vulnerability ( sys-kernel/alpha-sources sys-kernel/ck-sources sys-kernel/hppa-sources ... )
200404-01 [N] Insecure sandbox temporary lockfile vulnerabilities in Portage ( sys-apps/portage )
200404-07 [N] ClamAV RAR Archive Remote Denial Of Service Vulnerability ( net-mail/clamav )

表示可能有以上的漏洞要修補,詳細用法請打glsa-check -h

所以寫個cron來定期檢查一下,挺不錯的!

glsa-check comes from gentoolkit

Code: Select all

# qpkg -f `which glsa-check`
app-portage/gentoolkit *
Last edited by pahud on Fri Apr 09, 2004 7:48 am, edited 1 time in total.
Join GOT@SETI now!
pahud
24hr 義工
Posts: 1251
Joined: Tue Nov 26, 2002 10:22 pm
Contact:

Post by pahud »

不過這還是在beta測試階段,在判斷kernel vuln.的地方可能會不大準,例如do_mremap() 的漏洞,尤其是前前後後一路emerge好多個版本的kernel sources的時候。

這時可以用這command一查

Code: Select all

# qpkg -I -v gentoo-sources
sys-kernel/gentoo-sources-2.4.25 *
sys-kernel/gentoo-sources-2.4.20-r1 *
sys-kernel/gentoo-sources-2.4.20-r2 *
sys-kernel/gentoo-sources-2.4.20-r5 *
sys-kernel/gentoo-sources-2.4.20-r6 *
sys-kernel/gentoo-sources-2.4.20-r7 *
sys-kernel/gentoo-sources-2.4.20-r8 *
sys-kernel/gentoo-sources-2.4.20-r9 *
sys-kernel/gentoo-sources-2.4.22-r2 *
sys-kernel/gentoo-sources-2.4.22-r3 *
sys-kernel/gentoo-sources-2.4.22-r4 *
sys-kernel/gentoo-sources-2.4.22-r5 *
sys-kernel/gentoo-sources-2.4.22-r7 *
就會發現自己系統裝了好多gentoo-sources版本,
如果這樣的話,可以清一下舊的版本

Code: Select all

 # emerge -C "<sys-kernel/gentoo-sources-2.4.22-r7"
這樣再打glsa-check --list就沒有舊版本kernel vuln.的問題囉!
Join GOT@SETI now!
pahud
24hr 義工
Posts: 1251
Joined: Tue Nov 26, 2002 10:22 pm
Contact:

Post by pahud »

對了,要寫在cron的話可以用這方式

Code: Select all

glsa-check --list 2>/dev/null | egrep ".+\[N\]"
這樣就不用每次都列出第一行
[N] indicates that the system might be affected.


e.g.

Code: Select all

# cat /etc/cron.d/glsa_check
MAILTO=pahud@yourdomain.tld
0 * * * * root /usr/bin/emerge sync > /dev/null; /usr/bin/glsa-check --list 2>/dev/null | egrep ".+\[N\]"
Last edited by pahud on Fri Apr 09, 2004 9:39 am, edited 1 time in total.
Join GOT@SETI now!
pahud
24hr 義工
Posts: 1251
Joined: Tue Nov 26, 2002 10:22 pm
Contact:

Post by pahud »

這是glsa-check的官方網頁:

Portage GLSA integration
http://www.gentoo.org/proj/en/portage/g ... ration.xml


我發現這是一個script,會去檢查local的/usr/portage/metadata/glsa目錄,但我發現GLSA
發佈之後,glsa的xml檔並不會馬上被comit進去portage裡面,
至少現在我看到GLSA 200404-08了,但是總部的/usr/portage/metadata/glsa底下找不到glsa-200404-08.xml,這可能中間出一點問題了!

因此,如果要在cron裡面用glsa-check來檢查系統安全的話,別忘了執行之前一定要做一次emerge sync, 且最好GLSA mailing list也是要訂,因為Portage GLSA integration目前還不是很成熟。
Join GOT@SETI now!
pahud
24hr 義工
Posts: 1251
Joined: Tue Nov 26, 2002 10:22 pm
Contact:

Post by pahud »

嘿嘿!今天早上出門前看到GLSA 2004-05-02, 到公司之後打開mailbox就看到我的server通知
我其中一台gentoo沒升級LHa了,不錯哩!

Code: Select all

200405-02 [N] Multiple vulnerabilities in LHa ( app-arch/lha )
Join GOT@SETI now!
Post Reply