Re: software security auditing in Linux-based systems

["Gleb Paharenko" <gpaharenko () gmail com>]

Hi.

For debian - it is "debsecan". Combine it with apt-listbugs.
For RedHat - you can see vulnerabilities though RHN account of your
system, or on RHN Satellite in case you do not want to connect your
system directly to internet.



2008/7/3 Chad Perrin <perrin () apotheon com>:
> After some cursory searching, and having used a few distributions for a
> few years, I haven't found any software vulnerability auditing software
> for any Linux distribution equivalent to FreeBSD's portaudit or NetBSD's
> audit-packages.  In fact, FreeBSD seems to have two such tools, as it can
> claim vxquery in addition to portaudit, and I have yet to find even one
> such tool for any Linux distribution.  Have I missed something obvious?
> Is there such a tool for any Linux distribution out there?
>
> Failing that -- is there at least something like the vuxml RSS feeds [1]
> for FreeBSD and OpenBSD, but for Linux distributions instead?
>
> If no comparable vulnerability auditing tools exist for any Linux
> distributions, this seems like a pretty significant oversight.
>
> ==
> [1]: http://www.vuxml.org/
>
> --
> Chad Perrin [ content licensed PDL: http://pdl.apotheon.org ]
> McCloctnick the Lucid: "The first rule of magic is simple. Don't waste
> your time waving your hands and hopping when a rock or a club will do."



-- 
Best regards.
Gleb Pakharenko.
http://gpaharenko.livejournal.com
http://www.linkedin.com/in/gpaharenko