Re: List of installed software packages: pkg_info?

Siem Korteweg <siem@xxxxxxxxx> wrote:
"Joachim Schipper" <jdNoOtSPAMschipper@xxxxxxxxxx> schreef in bericht
news:467c24b3$0$49489$dbd4f001@xxxxxxxxxxxxxxxxxx
Do
security upgrades for OpenBSD upgrade separate programs to higher
versions? Is sendmail version 8.14.0 the only possible version for
all
systems with OpenBSD 4.1?
On a semi-related note, I'd find your software tremendously more
useful if it could be told not to show configuration files that have
not been modified from the default; the listing you have now is
extremely verbose and far less informative than it could be. (Exactly
how to implement this is another question; including checksums is
easy, but time-consuming.)
Did you have a look at the logbook?
http://www.openeyet.nl/scc/examples/scc.openbsd41.log.html

Well, evidently not. Sorry!

It shows only the changes that have been recorded during all runs. It
only shows the lines that actually changed.
Wading through such a snapshot is not my favorite passtime. Snapshots
are sent to a server where they can be searched and compared.

That sounds like a sensible idea - that will take quite a bit of work.

If that is the case, registrating the
OpenBSD version would imply the contents of the software inventory.

I am afraid I do not understand this sentence.
From the release notes I know that all OpenBSD 4.1 systems start with:
- sendmail 8.14.0
- apache 1.3.29
- xxxx a.b.c
and so on. The names and versions of these products are what I meant
with the contents of the software inventory. Rephrasing the sentence:

When it is impossible to increase the version of any of these products
without upgrading to 4.2, registration of release 4.1 in the snapshot
would be sufficient to deduce the versions of all of these products.

Not entirely, ISTR a new OpenSSH version getting imported into -stable
once.

Also, it depends on what you call 'version'. A sendmail that is not
vulnerable to a remote root hole is meaningfully different from the same
version of sendmail with an unpatched vulnerability allowing anyone to
take over the box.

Ideally, you'd capture kern.version (-stable, -current, and finding out
what version it's running) and a patchlevel, but the latter is almost
impossible to figure out (write an auto-patching script and update
/etc/patchlevel?)

Joachim
.

Relevant Pages

  • Re: List of installed software packages: pkg_info?
    ... security upgrades for OpenBSD upgrade separate programs to higher ... Is sendmail version 8.14.0 the only possible version ... systems with OpenBSD 4.1? ... Wading through such a snapshot is not my favorite passtime. ...
    (comp.unix.bsd.openbsd.misc)
  • Re: Why is sendmail is part of the system and not a package?
    ... OpenBSD: wanted something more secure. ... I had to dive into the configuration of sendmail to ... delivery/transport agent, for stuff such as periodic, cron, etc. ... and clean implementation of a mailer in the base. ...
    (freebsd-questions)
  • Re: vpopmail and sendmail
    ... would alwyas cry about db version when we do upgrades and at the time ... Would you like to *test* integrating vpopmail with sendmail? ... support for vpopmail running on a few different OS account ...
    (comp.mail.sendmail)
  • vpopmail and sendmail [Was: Sendmail virtual domain users withOUT local accounts]
    ... would alwyas cry about db version when we do upgrades and at the time ... Would you like to *test* integrating vpopmail with sendmail? ... support for vpopmail running on a few different OS account ...
    (comp.mail.sendmail)
  • Re: A Few Noob Questions.
    ... So it's okay to run sendmail for security reports etc? ... A fresh OpenBSD install disable these incoming connection by default unless you allow them? ... tweak the system to make it secure. ... - the base system, including external packages like httpd and named, has ...
    (comp.unix.bsd.openbsd.misc)