SECURITY_Getting_GLSAs_by_Email

This article is part of the Security series.

Abstract

This document outlines a method for receiving regular notifications via email of Gentoo Linux Security Advisories (GLSA) related to the specific packages you have installed.


The Problem

GLSAs were created to inform administrators of packages that have security issues and of how to update or fix them. The problem is that there is currently no method of receiving notifications via email (or otherwise) about security issues affecting your specific set of installed packages.

Steps

Create the file /usr/local/bin/glsa.sh:

File: /usr/local/bin/glsa.sh
#!/bin/bash

E_OPTERROR=65

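MailReport=0
MailTo="${USER}@$(domainname -d)"
MailFrom="${USER}@$(domainname -d)"

# Create the temporary files with mktemp: names built from the time and the
# parent PID are predictable, which is unsafe in a world-writable /tmp.
TMPLOG="$(mktemp /tmp/.glsa-check.XXXXXX)" || exit 1
TMPDATA="$(mktemp /tmp/.glsa-check-data.XXXXXX)" || exit 1

# Remove the temporary files on exit. SIGKILL cannot be trapped, so it is not listed.
trap 'rm -f "${TMPLOG}" "${TMPDATA}"' EXIT
trap 'exit 1' TERM INT HUP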

function usage() {

    echo "Usage: $(basename "$0") [-h] [-m [-t <to email>] [-f <from email>]]"
    echo "       -m:  Mail Report (automatically turned on if -t or -f are used)"
    echo "       -t:  Email address to mail report to (default: ${USER}@$(domainname -d))"
    echo "       -f:  Email address to use as the From address (default: ${USER}@$(domainname -d))"
    echo "       -h:  This help stuff :-)"
}

function generateReport() {

    local counter advisory

    /usr/bin/glsa-check --nocolor --list 2>&1 | grep -E '^[0-9-]+ \[N' > "${TMPDATA}"

    # Nothing to report when no advisory is marked [N] (system might be affected)
    if [ -z "$(tr -d '\n\r ' < "${TMPDATA}")" ]; then
        exit;
    else
        total=$(wc -l < "${TMPDATA}")
        {
            counter=0;
            echo "Current Relevant Security Advisories:";
            echo "-------------------------------------";
            echo
            echo "Summary:";
            echo "--------";
            echo

            # One summary line per advisory: "(GLSA <id>) <title>"
            while read -r line; do
                advisory="$(printf '%s\n' "${line}" | perl -pe 's/^([0-9-]+)[^\]]+\] ([^(]+).*/(GLSA \1) \2/g')";
                counter=$(($counter + 1));

                echo "${counter}  -  ${advisory}";
            done < "${TMPDATA}"

            echo
            echo "Full text listing:";
            echo "------------------";
            echo

            # Dump the full text of each advisory, keyed by its GLSA id
            counter=0;
            for advisory in $(perl -pe 's/^([0-9-]+).*\n/\1 /g' "${TMPDATA}"); do
                counter=$(($counter + 1));
                echo -en "${counter} - ";
                /usr/bin/glsa-check --dump "${advisory}" 2>/dev/null
            done
        } > "${TMPLOG}"

        if [ ${MailReport} -eq 1 ]; then
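            # Options go before the recipient. -a adds a header in bsd-mailx and GNU mailutils; other mailx variants differ.
            mail -a "From: ${MailFrom}" -s "$(uname -n) Security Advisories (${total} package(s))" "${MailTo}" < "${TMPLOG}"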
        else
            cat "${TMPLOG}"
        fi
    fi
}

while getopts "hmt:f:" Option
do
  case $Option in
    m ) MailReport=1;;
    t ) {
            MailTo="${OPTARG}"
            MailReport=1
            if [ -z "${MailTo}" -o $(echo "${MailTo}" | grep -cP '^[A-Za-z0-9_.+-]+@([a-zA-Z0-9-]+\.)+[a-zA-Z0-9]+$') -le 0 ]; then
                echo
                echo "Invalid (-t) Mail To address '${MailTo}' !!";
                echo
                usage;
                exit $E_OPTERROR;
            fi
        };;
    f ) {
            MailReport=1
            MailFrom="${OPTARG}"
            if [ -z "${MailFrom}" -o $(echo "${MailFrom}" | grep -cP '^[A-Za-z0-9_.+-]+@([a-zA-Z0-9-]+\.)+[a-zA-Z0-9]+$') -le 0 ]; then
                echo
                echo "Invalid (-f) Mail From address '${MailFrom}' !!";
                echo
                usage;
                exit $E_OPTERROR;
            fi
        };;
    h | *) usage;
        exit 1;;
  esac
done

shift $(($OPTIND - 1))

generateReport

exit 0;


Make sure the script is executable:

chmod ug+x /usr/local/bin/glsa.sh 


Create a cron job for it to run at five minutes past midnight every night:

File: crontab
5 0 * * *  /usr/local/bin/glsa.sh -t noc@somewhere.com -f glsa@somewhere.com


Warning: Schedule this script (via cron) to run after your daily or weekly emerge sync; otherwise it will check against an outdated Portage tree and cannot give you accurate GLSA information.
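
The ordering in the warning above can be enforced rather than left to cron timing. The wrapper below is an added example, not part of the original wiki script: it runs a command only when the Portage sync stamp is recent. The stamp path /usr/portage/metadata/timestamp.chk, the 26 hour limit and the wrapper name glsa-fresh.sh are assumptions to adjust for your system.

```shell
#!/bin/bash
# Added example: refuse to report from a stale Portage tree.
# ASSUMPTION: the tree lives in /usr/portage and each sync refreshes
# metadata/timestamp.chk; override SYNC_STAMP if your tree is elsewhere.
SYNC_STAMP="${SYNC_STAMP:-/usr/portage/metadata/timestamp.chk}"
MAX_AGE_HOURS="${MAX_AGE_HOURS:-26}"   # hypothetical default: daily sync plus slack
E_STALE=75                              # EX_TEMPFAIL from sysexits.h

# Print the age of the stamp file in seconds; return 2 if it is unreadable.
sync_age_seconds() {
    local stamp="$1" now mtime
    [ -r "${stamp}" ] || return 2
    now=$(date +%s) || return 2
    mtime=$(stat -c %Y "${stamp}") || return 2   # GNU stat syntax
    echo $((now - mtime))
}

# Succeed only when the stamp exists and is younger than MAX_AGE_HOURS.
tree_is_fresh() {
    local age
    age=$(sync_age_seconds "$1") || return 1
    [ "${age}" -le $((MAX_AGE_HOURS * 3600)) ]
}

# Run the given command (for example glsa.sh with its options) only when the
# tree is fresh; otherwise complain on stderr so cron mails the warning.
run_if_fresh() {
    if tree_is_fresh "${SYNC_STAMP}"; then
        "$@"
    else
        echo "Portage tree stamp ${SYNC_STAMP} is missing or older than" \
             "${MAX_AGE_HOURS}h; GLSA report skipped, run emerge --sync first." >&2
        return "${E_STALE}"
    fi
}

# Stand-alone use (hypothetical file name):
#   glsa-fresh.sh /usr/local/bin/glsa.sh -t noc@somewhere.com -f glsa@somewhere.com
if [ "$#" -gt 0 ]; then
    run_if_fresh "$@"
fi
```

Because the stale case writes to stderr and returns non-zero, cron's own mail delivery reports the skipped run instead of an empty (and misleading) "no advisories" result.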

Notes

Dependencies

  1. mailx
  2. perl
  3. glsa-check (duh!)

Other Options

Retrieved from "http://www.gentoo-wiki.info/SECURITY_Getting_GLSAs_by_Email"

Last modified: Sun, 07 Sep 2008 06:11:00 +1000