Actually, SuSE used to use YUM, but they have moved away from it in the latest versions. Suggestion: how about dropping support for YUM altogether since RPM or DEB contains the same info in more accessible form?
I modified audit_linux.sh as follows (this is a diff against the tip of SVN right now) to add RPM support.
Fortunately, monitoring either all or just some packages is very easy with RPM:
(get all packages) rpm -qa
(get only those packages we are interested in, from $OA_RPM_TRACK):
rpm -q $OA_RPM_TRACK
14d13 < OA_RPM_TRACK=$OA_PACKAGES 41d39 < OA_RPM=`which rpm 2>/dev/null` 65d62 < OA_RPM=/bin/rpm 116c113 < OS_PCK_MGR=$OA_RPM --- > OS_PCK_MGR=$OA_YUM 120c117 < OS_PCK_MGR=$OA_RPM --- > OS_PCK_MGR=$OA_YUM 124c121 < OS_PCK_MGR=$OA_RPM --- > OS_PCK_MGR=$OA_YUM 132c129 < OS_PCK_MGR=$OA_RPM --- > OS_PCK_MGR=$OA_YUM 429,450c426 < if [ "$OS_PCK_MGR" == "$OA_RPM" ] < then < < # we use RPM to get either all packages, or only the interesting ones, with their versions < if [ "$OA_RPM_TRACK" == "" ] < then < OA_INTERESTING_PACKAGES=`$OA_RPM -qa` < else < OA_INTERESTING_PACKAGES=`$OA_RPM -q $OA_RPM_TRACK` < fi < < for OA_PACKAGE_LINE in $OA_INTERESTING_PACKAGES < do < OA_PACKAGE_NAME=`echo $OA_PACKAGE_LINE | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[1] }' 2> /dev/null` < OA_PACKAGE_VERSION=`echo $OA_PACKAGE_LINE | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[2] }' 2> /dev/null` < if [ "$OA_PACKAGE_NAME" ] && [ "$OA_PACKAGE_VERSION" ] < then < echo "software^^^$OA_PACKAGE_NAME^^^$OA_PACKAGE_VERSION^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile < fi < done < < elif [ "$OS_PCK_MGR" = "$OA_PKG" ] --- > if [ "$OS_PCK_MGR" = "$OA_PKG" ]
|