HTTPS clone URL
Subversion checkout URL
Track Red Hat Security Advisories (RHSA) and verifying systems for compliance
Fetching latest commit...
Cannot retrieve the latest commit at this time.
|Failed to load latest commit information.|
DOWNLOADING ERRATA ^^^^^^^^^^^^^^^^^^ Sarah currently requires a stuffed directory of advisories from RHN as XML files. You can download these files automatically by using the aerrate.py script from Tim Rupp. Available from: svn co http://caphrim.net/svn/fermi/aerrate/trunk aerrate And issue the following command to scrape the RHN website for the most up-to-date advisories: cd aerrate ./aerrate.py -r --source=site --type=all --release=enterprise cd - This will copy all errata as XML files into ./aerrata/advisories/ USING SARAH ^^^^^^^^^^^ sarah currently expects the advisories to be available from ./advisories/. So making a symlink from aerrate/advisories to ./advisories is probably easiest. ln -sf aerrate/advisories . Then create an sqlite database out of these XML files, by doing: ./sarahdb.py You should now have a sarahdb.sqlite file in your current directory. To create some statistics from this database, use: ./sarahinfo.py The sarahinfo utility currently shows how to query the database. Not all information is currently available in the XML files. Red Hat will be releasing these XML files in the future with more information we can get out of the RHN website. I also added sarahsql to allow to query the database on the commandline, you can do queries in bash, like: ### Print filenames related to advisory ./sarahsql.py 'select distinct filename from rpm where advid == "RHSA-2005:039" order by filename' ### Show last 10 updated advisories ./sarahsql.py 'select advid, issued, updated, severity, synopsis from adv order by updated' | tail ### Show last 10 updated security advisories ./sarahsql.py 'select advid, issued, updated, severity, synopsis from adv where type == "RHSA" order by updated' | tail ### Show last 10 updates security advisories for 4AS ./sarahsql.py 'select distinct adv.advid,updated,severity,synopsis from adv,rpm where adv.advid == rpm.advid and type == "RHSA" and prodshort == "4AS" order by updated' | tail ### Show all files related to 3AS order by issue date ./sarahsql.py 'select issued,filename from rpm,adv where adv.advid == rpm.advid and prodshort == "3AS" and arch == "i386" order by issued' Help is welcome to extend sarah much further. The TODO file is the first stop for interesting parties. PROXY PROBLEMS ? ^^^^^^^^^^^^^^^^ If you're behind a proxy that only allows SSL Proxy access (CONNECT method) for HTTPS sites, you're currently out of luck. The urllib2 implementation of python only has the HTTPS GET method implemented. More information at: https://devel.linux.duke.edu/bugzilla/show_bug.cgi?id=543 http://aspn.activestate.com/ASPN/Cookbook/Python/Recipe/456195 A work-around would be to set up an HTTP-tunnel over your proxy by using proxytunnel, and then create a dynamic forwarding over SSH. And use dante or tocks to socksify aerrate's requests. http_proxy="" https_proxy="" dsocksify ./aerrate.py -r --source=site --type=all --release=enterprise MORE INFORMATION ^^^^^^^^^^^^^^^^ You can find more information about errata and errata classification at: http://www.redhat.com/security/updates/classification/ A live RSS feed to the latest security errata is available from: http://rhn.redhat.com/rpc/recent-errata.pxt Some information and statistics from the Red Hat security team: http://www.redhat.com/security/transparent/oval/ http://people.redhat.com/mjc/ http://people.redhat.com/mjc/oval/ General security information: http://cve.mitre.org/ http://oval.mitre.org/