Difference between revisions of "Manual Package Updates"

From NST Wiki
Jump to navigationJump to search
(Packages Which Have Updates)
 
(7 intermediate revisions by the same user not shown)
Line 1: Line 1:
 
Currently, there are no packages which have "add-ons" which need to be manually updated.
 
Currently, there are no packages which have "add-ons" which need to be manually updated.
  
 +
* Update the IAB and OUI files used by the arp-scan utility (use NST WUI to get two new ones download then transfer to ''src'' directory for the ''arp-scan'' RPM).
  
* The Metasploit exploits need to be manually updated to the latest version by hand before building the final release.
+
= Check Package URLs =
  
= Packages Which Are Updatable =
+
There are many ''pkginfo.xml'' files which are associated with the RPM packages making up the NST yum repository. Each of these ''pkginfo.xml'' files will have two or more URLs. As time goes by these URLs may ''move'' and need to be updated. You can run the ''make url-check'' command from the ''yum'' directory to:
  
Some other packages also have the notion of "updates", but these are either done automatically during the build process, or manually by the end user.
+
* Extract the URLs from each fo the ''pkginfo.xml'' files.
 +
* Run the ''curl -head'' command on each of the extracted URLs.
 +
* See '''ok''', '''skip''' or '''FAIL''' displayed on the screen next to each URL as it is checked.
 +
* Create two log files: ''url-check.log'' and ''url-check-details.log''.
  
* The clamav package should ship with the latest signatures (this should be automatic in the configure/build process).
+
Here is a example of running the command:
  
* The nikto package has a update feature, but at this time it is not done prior to build the ISO image.
+
[root@taco-dev32 dev]# cd yum
 +
[root@taco-dev32 yum]# make url-check
 +
[ok]  file:///root/dev/yum/pkgs/ipsc/src/ipsc-0.4.3.tar.bz2
 +
[ok]  file:///root/dev/yum/pkgs/nst-disk-speed/src/seeker.c
 +
[ok]  file:///root/dev/yum/pkgs/smtpclient/src/smtpclient-1.0.0.tar.gz
 +
[ok]  file:///root/dev/yum/pkgs/tcptrack/src/tcptrack-1.4.2.tar.gz
 +
 +
... output continues as all URLs are checked ...
 +
 +
[root@taco-dev32 yum]#
  
* The Nessus package allows one to update rules, but these rules can not be re-distributed. Hence the end users need to do this on their own.
+
If you just want to see the list of URLs with issues, you can run the following '''grep''' command on the generated log file:
  
* The Snort package is similar to Nessus.
+
[root@taco-dev32 yum]# grep -v ok url-check.log
 +
[skip] git://github.com/gnumaniacs/netsniff-ng.git
 +
[root@taco-dev32 yum]#
  
* The GeoIP databases are similar to Nessus.
+
NOTE: The ''skip'' entries indicate protocols which '''curl''' is unable to handle and verification is skipped. If you would like to verify the skipped entries, you will need to do it manually.
 +
 
 +
= Check Date Change Logs =
 +
 
 +
Run the following command to verify that all change log dates in the spec files are good.
 +
 
 +
[nst28-repo@nst yum]$ make changelog-date-check
 +
all - Changelog date(s) ok
 +
[nst28-repo@nst yum]$

Latest revision as of 12:05, 13 June 2021

Currently, there are no packages which have "add-ons" which need to be manually updated.

  • Update the IAB and OUI files used by the arp-scan utility (use NST WUI to get two new ones download then transfer to src directory for the arp-scan RPM).

Check Package URLs

There are many pkginfo.xml files which are associated with the RPM packages making up the NST yum repository. Each of these pkginfo.xml files will have two or more URLs. As time goes by these URLs may move and need to be updated. You can run the make url-check command from the yum directory to:

  • Extract the URLs from each fo the pkginfo.xml files.
  • Run the curl -head command on each of the extracted URLs.
  • See ok, skip or FAIL displayed on the screen next to each URL as it is checked.
  • Create two log files: url-check.log and url-check-details.log.

Here is a example of running the command:

[root@taco-dev32 dev]# cd yum
[root@taco-dev32 yum]# make url-check
[ok]   file:///root/dev/yum/pkgs/ipsc/src/ipsc-0.4.3.tar.bz2
[ok]   file:///root/dev/yum/pkgs/nst-disk-speed/src/seeker.c
[ok]   file:///root/dev/yum/pkgs/smtpclient/src/smtpclient-1.0.0.tar.gz
[ok]   file:///root/dev/yum/pkgs/tcptrack/src/tcptrack-1.4.2.tar.gz

... output continues as all URLs are checked ...

[root@taco-dev32 yum]# 

If you just want to see the list of URLs with issues, you can run the following grep command on the generated log file:

[root@taco-dev32 yum]# grep -v ok url-check.log
[skip] git://github.com/gnumaniacs/netsniff-ng.git
[root@taco-dev32 yum]# 

NOTE: The skip entries indicate protocols which curl is unable to handle and verification is skipped. If you would like to verify the skipped entries, you will need to do it manually.

Check Date Change Logs

Run the following command to verify that all change log dates in the spec files are good.

[nst28-repo@nst yum]$ make changelog-date-check
all - Changelog date(s) ok
[nst28-repo@nst yum]$