Difference between revisions of "Manual Package Updates"

From NST Wiki
Jump to navigationJump to search
(Packages Which Have Updates)
(6 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Currently, there are no packages which have "add-ons" which need to be manually updated.
 
Currently, there are no packages which have "add-ons" which need to be manually updated.
  
 +
* Update the IAB and OUI files used by the arp-scan utility (use NST WUI to get two new ones download then transfer to ''src'' directory for the ''arp-scan'' RPM).
  
* The Metasploit exploits need to be manually updated to the latest version by hand before building the final release.
+
= Check Package URLs =
  
= Packages Which Are Updatable =
+
There are many ''pkginfo.xml'' files which are associated with the RPM packages making up the NST yum repository. Each of these ''pkginfo.xml'' files will have two or more URLs. As time goes by these URLs may ''move'' and need to be updated. You can run the ''make url-check'' command from the ''yum'' directory to:
 +
 
 +
* Extract the URLs from each fo the ''pkginfo.xml'' files.
 +
* Run the ''curl -head'' command on each of the extracted URLs.
 +
* See '''ok''', '''skip''' or '''FAIL''' displayed on the screen next to each URL as it is checked.
 +
* Create two log files: ''url-check.log'' and ''url-check-details.log''.
 +
 
 +
Here is a example of running the command:
 +
 
 +
[root@taco-dev32 dev]# cd yum
 +
[root@taco-dev32 yum]# make url-check
 +
[ok]  file:///root/dev/yum/pkgs/ipsc/src/ipsc-0.4.3.tar.bz2
 +
[ok]  file:///root/dev/yum/pkgs/nst-disk-speed/src/seeker.c
 +
[ok]  file:///root/dev/yum/pkgs/smtpclient/src/smtpclient-1.0.0.tar.gz
 +
[ok]  file:///root/dev/yum/pkgs/tcptrack/src/tcptrack-1.4.2.tar.gz
 +
 +
... output continues as all URLs are checked ...
 +
 +
[root@taco-dev32 yum]#
 +
 
 +
If you just want to see the list of URLs with issues, you can run the following '''grep''' command on the generated log file:
 +
 
 +
[root@taco-dev32 yum]# grep -v ok url-check.log
 +
[skip] git://github.com/gnumaniacs/netsniff-ng.git
 +
[root@taco-dev32 yum]#
 +
 
 +
NOTE: The ''skip'' entries indicate protocols which '''curl''' is unable to handle and verification is skipped. If you would like to verify the skipped entries, you will need to do it manually.
 +
 
 +
= Check Date Change Logs =
 +
 
 +
Run the following command to verify that all change log dates in the spec files are good.
 +
 
 +
[nst28-repo@nst yum]$ make changelog-date-check
 +
all - Changelog date(s) ok
 +
[nst28-repo@nst yum]$
 +
 
 +
= Packages Which Can Be Updated =
  
 
Some other packages also have the notion of "updates", but these are either done automatically during the build process, or manually by the end user.
 
Some other packages also have the notion of "updates", but these are either done automatically during the build process, or manually by the end user.
Line 11: Line 48:
  
 
* The nikto package has a update feature, but at this time it is not done prior to build the ISO image.
 
* The nikto package has a update feature, but at this time it is not done prior to build the ISO image.
 
* The Nessus package allows one to update rules, but these rules can not be re-distributed. Hence the end users need to do this on their own.
 
 
* The Snort package is similar to Nessus.
 
 
* The GeoIP databases are similar to Nessus.
 

Revision as of 07:54, 30 June 2018

Currently, there are no packages which have "add-ons" which need to be manually updated.

  • Update the IAB and OUI files used by the arp-scan utility (use NST WUI to get two new ones download then transfer to src directory for the arp-scan RPM).

Check Package URLs

There are many pkginfo.xml files which are associated with the RPM packages making up the NST yum repository. Each of these pkginfo.xml files will have two or more URLs. As time goes by these URLs may move and need to be updated. You can run the make url-check command from the yum directory to:

  • Extract the URLs from each fo the pkginfo.xml files.
  • Run the curl -head command on each of the extracted URLs.
  • See ok, skip or FAIL displayed on the screen next to each URL as it is checked.
  • Create two log files: url-check.log and url-check-details.log.

Here is a example of running the command:

[root@taco-dev32 dev]# cd yum
[root@taco-dev32 yum]# make url-check
[ok]   file:///root/dev/yum/pkgs/ipsc/src/ipsc-0.4.3.tar.bz2
[ok]   file:///root/dev/yum/pkgs/nst-disk-speed/src/seeker.c
[ok]   file:///root/dev/yum/pkgs/smtpclient/src/smtpclient-1.0.0.tar.gz
[ok]   file:///root/dev/yum/pkgs/tcptrack/src/tcptrack-1.4.2.tar.gz

... output continues as all URLs are checked ...

[root@taco-dev32 yum]# 

If you just want to see the list of URLs with issues, you can run the following grep command on the generated log file:

[root@taco-dev32 yum]# grep -v ok url-check.log
[skip] git://github.com/gnumaniacs/netsniff-ng.git
[root@taco-dev32 yum]# 

NOTE: The skip entries indicate protocols which curl is unable to handle and verification is skipped. If you would like to verify the skipped entries, you will need to do it manually.

Check Date Change Logs

Run the following command to verify that all change log dates in the spec files are good.

[nst28-repo@nst yum]$ make changelog-date-check
all - Changelog date(s) ok
[nst28-repo@nst yum]$ 

Packages Which Can Be Updated

Some other packages also have the notion of "updates", but these are either done automatically during the build process, or manually by the end user.

  • The clamav package should ship with the latest signatures (this should be automatic in the configure/build process).
  • The nikto package has a update feature, but at this time it is not done prior to build the ISO image.