Open-AudIT
https://www.open-audit.org/phpBB3/

Detects Slackware packages
https://www.open-audit.org/phpBB3/viewtopic.php?f=5&t=2725
Page 1 of 1

Author:  mooman [ Fri Apr 11, 2008 2:11 am ]
Post subject:  Detects Slackware packages

Hi everyone,

I just started using Open-AudIT. It's a great system. I first started scanning my Slack box, and realized that the audit_linux.sh script didn't detect Slack correctly, and none of the software was detected.

The first problem seems to be because Ubuntu detection was looking at "/etc/issue", and it seems a lot of Linux distros have this file, so any system with it gets assigned as Ubuntu. I've never used Ubuntu, so I don't know if there is any other way to tell what it is. But I moved that detection to the very last case statement, to have it try to detect other systems first.

I know software detection is fairly new (only in svn it seems), so I added Slackware package detection. They were simple changes; attached is the patch. I've tested it on my Slack 12 and I am quite confident it will work on older versions of Slack also.

[code]
--- audit_linux.sh 2008-04-09 17:41:23.000000000 -0700
+++ audit_linux_slack.sh 2008-04-09 17:41:23.000000000 -0700
@@ -10,6 +10,7 @@
OA_PACKAGES="apt azureus bash build-essential cdparanoia cdrdao cdrecord cpp cron cupsys cvs dbus dhcp3-client diff dpkg epiphany-browser esound evolution firefox flashplugin-nonfree foomatic-db g++ gaim gcc gdm gedit gimp gnome-about gnucash gnumeric gtk+ httpd inkscape iptables k3b kdebase koffice libgnome2-0 linux-image-386 metacity mozilla-browser mysql-admin mysql-query-browser mysql-server-4.1 nautilus openoffice.org openssh-client openssh-server perl php4 php5 postfix postgresql python python2.4 rdesktop rhythmbox samba-common sendmail smbclient subversion sun-j2re1.5 swf-player synaptic thunderbird tsclient udev vim vlc vnc-common webmin xfce xmms xserver-xorg"
OA_DPKG_TRACK=$OA_PACKAGES
OA_YUM_TRACK=$OA_PACKAGES
+OA_PKG_TRACK=$OA_PACKAGES

# If you're not worried about attacks, you can just use the first one in the path.
if [ $OA_SAFEMODE="n" ] || [ $OA_SAFEMODE="N" ]
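Review bot: OA_PKG_TRACK inherits the Debian-style OA_PACKAGES list, so on Slackware most tracked names (build-essential, dpkg, cupsys, linux-image-386, sun-j2re1.5, ...) will never match a /var/log/packages entry and the tracked-package branch reports almost nothing; either give it a Slackware-specific list or leave OA_PKG_TRACK empty so the full-listing branch runs. Unrelated to this change but visible in the context: `[ $OA_SAFEMODE="n" ]` tests one non-empty word and is therefore always true, so the `which`-based lookups run even when safe mode is requested; it needs to be `[ "$OA_SAFEMODE" = "n" ]`.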
@@ -29,6 +30,7 @@
OA_HOSTNAME=`which hostname`
OA_IFCONFIG=`which ifconfig`
OA_LSPCI=`which lspci`
+ OA_PKG=`which pkgtool 2> /dev/null`
OA_RM=`which rm`
OA_UNAME=`which uname`
OA_TAIL=`which tail`
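Review bot: when `which pkgtool` fails, OA_PKG is empty, and the later `[ "$OS_PCK_MGR" = "$OA_PKG" ]` test then matches every distribution whose OS_PCK_MGR is '' (Yellow dog, unknown), so the Slackware listing code runs on non-Slackware hosts; guard the branch with a non-empty test, e.g. `[ -n "$OA_PKG" ] && [ "$OS_PCK_MGR" = "$OA_PKG" ]`, or test for the /var/log/packages directory directly.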
@@ -51,6 +53,7 @@
OA_HOSTNAME=/bin/hostname
OA_IFCONFIG=/sbin/ifconfig
OA_LSPCI=/usr/bin/lspci
+ OA_PKG=/var/log/packages
OA_RM=/bin/rm
OA_TAIL=/usr/bin/tail
OA_UNAME=/bin/uname
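Review bot: OA_PKG is set to a directory here but to the pkgtool binary in the `which` branch above, so the same variable means two different things depending on safe mode; since the package code below reads /var/log/packages directly and never executes $OA_PKG, pick one meaning (the directory is the one actually needed) and use it in both branches and in the listing code.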
@@ -124,10 +127,6 @@
distribution="Novell SuSE"
OS_RELEASE=`$OA_CAT /etc/SuSE-release`
OS_PCK_MGR=$OA_YUM
- elif test -f /etc/issue; then
- distribution="Ubuntu"
- OS_RELEASE=`$OA_CAT /etc/issue`
- OS_PCK_MGR=$OA_DPKG
elif test -f /etc/debian_version; then
distribution="Debian"
OS_RELEASE=`$OA_CAT /etc/debian_version`
@@ -147,15 +146,19 @@
elif test -f /etc/slackware-release; then
distribution="Slackware"
OS_RELEASE=`$OA_CAT /etc/slackware-release`
- OS_PCK_MGR=''
+ OS_PCK_MGR=$OA_PKG
elif test -f /etc/slackware-version; then
distribution="Slackware"
OS_RELEASE=`$OA_CAT /etc/slackware-version`
- OS_PCK_MGR=''
+ OS_PCK_MGR=$OA_PKG
elif test -f /etc/yellowdog-release; then
distribution="Yellow dog"
OS_RELEASE=`$OA_CAT /etc/yellowdog-release`
OS_PCK_MGR=''
+ elif test -f /etc/issue; then
+ distribution="Ubuntu"
+ OS_RELEASE=`$OA_CAT /etc/issue`
+ OS_PCK_MGR=$OA_DPKG
else distribution="unknown"
OS_RELEASE="unknown"
OS_PCK_MGR=''
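Review bot: the /etc/issue test still labels any unrecognised system that has that file as Ubuntu; moving it last reduces the damage, but since /etc/issue exists on most distributions (as the post notes) the fallback should report the file contents with distribution="unknown" rather than assert Ubuntu, or test for /etc/lsb-release and its DISTRIB_ID line instead. The two Slackware branches (slackware-release and slackware-version) now differ only in the file name and could share one `test -f ... || test -f ...` condition.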
@@ -418,6 +421,31 @@
fi
done
fi
+elif [ "$OS_PCK_MGR" = "$OA_PKG" ]
+then
+ OA_ALL_PACKAGES=`ls /var/log/packages`
+
+ if [ "$OA_PKG_TRACK" = "" ]
+ then
+ for OA_PACKAGE_LINE in $OA_ALL_PACKAGES; do
+ OA_PACKAGE_NAME=`echo $OA_PACKAGE_LINE | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[1] }' 2> /dev/null`
+ OA_PACKAGE_VERSION=`echo $OA_PACKAGE_LINE | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[2] }' 2> /dev/null`
+
+ if [ "$OA_PACKAGE_NAME" ] && [ "$OA_PACKAGE_VERSION" ]
+ then
+ echo "software^^^$OA_PACKAGE_NAME^^^$OA_PACKAGE_VERSION^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
+ fi
+ done
+ else
+ for OA_PACKAGE_NAME in $OA_PKG_TRACK; do
+ OA_PACKAGE_VERSION=`ls /var/log/packages | $OA_GREP "$OA_PACKAGE_NAME" | $OA_TAIL -n1 | $OA_AWK '{ match($0, /^([a-zA-Z\-]*)\-([0-9].*)$/, a); print a[2] }' 2> /dev/null`
+
+ if [ "$OA_PACKAGE_VERSION" ]
+ then
+ echo "software^^^$OA_PACKAGE_NAME^^^$OA_PACKAGE_VERSION^^^^^^^^^^^^^^^^^^^^^^^^^^^" >> $ReportFile
+ fi
+ done
+ fi
fi

COLUMNS=OA_OLDCOLUMNS
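Review bot: the tracked-package loop greps /var/log/packages with an unanchored `$OA_GREP "$OA_PACKAGE_NAME"`, so a short name such as vim or cron also matches any longer entry containing it (gvim, for instance), and `tail -n1` then reports another package's version under the tracked name; anchor it as `$OA_GREP "^$OA_PACKAGE_NAME-[0-9]"`. The regex `^([a-zA-Z\-]*)\-([0-9].*)$` also silently drops every package whose name contains a digit or '+' (Slackware ships names like glib2 and gtk+2), and its second group captures the whole version-arch-build tail of a Slackware package name, so the reported version includes the architecture and build tag; the three-argument `match()` is gawk-specific as well. Both `ls /var/log/packages` calls resolve `ls` through PATH even in safe mode, which is exactly what the OA_* absolute paths exist to avoid; use the safe-mode variable. In the trailing context, `COLUMNS=OA_OLDCOLUMNS` is missing the `$` and assigns the literal string.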
[/code]

Author:  Mark [ Fri Apr 11, 2008 12:32 pm ]
Post subject:  Re: Detects Slackware packages

Have committed to SVN.
