package auditing in fedora

Todd Zullinger tmz at pobox.com
Fri Aug 3 14:13:08 UTC 2007


Sam Varshavchik wrote:
> Jaigh Jaddo writes:
>
>> Is there a tool similar to FreeBSD's portaudit? Something that will
>> report packages that have known vulnerabilities.
>
> No. For the simple reason that a known vulnerability results in an
> updated package. If you want to make sure that you're not running
> any known vulnerability, run "yum update".

There can be known vulnerabilities that are not fixed yet.  I thought
that was what Jaigh was asking about, and this is the sort of info
that's in the fedora-security/audit files.

-- 
Todd        OpenPGP -> KeyID: 0xBEAF0CE3 | URL: www.pobox.com/~tmz/pgp
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
We never reflect how pleasant it is to ask for nothing.
    -- Seneca
