Using oeaudit.py to check for known security issues

Using oeaudit.py to check for known security issues

[Holger Hans Peter Freyther]

Hi,

here is a rather simple howto:

$ bitbake -s > available
$ export PYTHONPATH=/bitbake/lib
$ /OE/contrib/oeaudit/oeaudit.py -f
This will call wget, tar to get the audifile and place it in the local dir
$ /OE/contrib/oeaudit/oeaudit.py -a auditfile -p available
Now you get a nice list of issues...



TODO items:
	- Sometimes the latest upstream version has the bug and we need to
          apply a patch. Right now this will still be displayed as 
          vulnerable.. I will add another file where one can claim to have fixed
          certain issues..

	- Rewrite in GNU smalltalk

Re: Using oeaudit.py to check for known security issues

[Petr Štetiar]

Holger Hans Peter Freyther <holger+oe@freyther.de> [2010-03-23 10:33:40]:

> Hi,

Hi,

> here is a rather simple howto:
> 
> $ bitbake -s > available
> $ export PYTHONPATH=/bitbake/lib
> $ /OE/contrib/oeaudit/oeaudit.py -f
> This will call wget, tar to get the audifile and place it in the local dir
> $ /OE/contrib/oeaudit/oeaudit.py -a auditfile -p available
> Now you get a nice list of issues...

Neat! I just wonder how to check linux kernel(s) and embedded stuff not used
in FBSD. The kernel is quite mission impossible because of the patch hell...

-- ynezz

Re: Using oeaudit.py to check for known security issues

[Holger Hans Peter Freyther]

On Tuesday 23 March 2010 11:02:14 Petr Štetiar wrote:
> Holger Hans Peter Freyther <holger+oe@freyther.de> [2010-03-23 10:33:40]:

> 
> Neat! I just wonder how to check linux kernel(s) and embedded stuff not
> used in FBSD. The kernel is quite mission impossible because of the patch
> hell...

Yeah glibc, udev, linux is not covered by it at all. The idea is to extend the 
script to use Gentoo GLSA database, maybe debian...

z.