2021-01-06 12:09:39 -06:00
# RPM Pkg Audit
This command-line program can be used to query data from Red Hat's Security API.
## Usage:
```
Usage: rpm_pkg_audit.rb [options]
-p, --pkg PKGNAME Takes a base pkg name and returns cves from redhats security API.
-l, --list List packages in the XML datafile.
-x, --xmlpkg PKGNAME The pkg name you want to audit from xml file rpm-to-cve.xml
-r, --refresh Refresh rpm-to-cve.xml file with latest pkgs and cves
-c, --cve CVE-2020-1234 Takes a cve id and returns cve json from redhats security API.
-f, --cves-from-file cves.txt Takes a file one cve id per line and sends a batch request to redhat security API
-a, --advisory RHSA-2019:0997 Takes a RHSA advisory and sends an API request to redhat RHSA-2015:2155
```
#### --refresh
By default there needs to be a ./data directory in the directory where the script is run, containing an XML file named rpm-to-cve.xml. This file is sourced from [here](https://www.redhat.com/security/data/metrics/rpm-to-cve.xml). Run `--refresh` to download a fresh copy of it.
#### --list
This will list out all of the packages that are present in the XML file rpm-to-cve.xml. You can pipe the output to grep to search for specific package names.
```
./rpm_pkg_audit.rb --list | grep ^sudo-devel
sudo-devel-0:1.8.19p2-12.el7_4.1
sudo-devel-0:1.8.19p2-14.el7_5.1
sudo-devel-0:1.8.23-3.el7_6.1
sudo-devel-0:1.8.23-4.el7_7.1
sudo-devel-0:1.8.23-4.el7_7.2
sudo-devel-0:1.8.6p3-12.el6
sudo-devel-0:1.8.6p3-12.el6_5.2
sudo-devel-0:1.8.6p3-15.el6_6.2
sudo-devel-0:1.8.6p3-19.el6
sudo-devel-0:1.8.6p3-25.el6_8
sudo-devel-0:1.8.6p3-28.el6_9
sudo-devel-0:1.8.6p3-29.el6_10.2
sudo-devel-0:1.8.6p3-29.el6_10.3
sudo-devel-0:1.8.6p3-29.el6_9
sudo-devel-0:1.8.6p3-7.el6
sudo-devel-0:1.8.6p7-16.el7
sudo-devel-0:1.8.6p7-17.el7_2.2
sudo-devel-0:1.8.6p7-20.el7
sudo-devel-0:1.8.6p7-21.el7_3
sudo-devel-0:1.8.6p7-22.el7_3
sudo-devel-0:1.8.6p7-23.el7_3
sudo-devel-0:1.8.6p7-23.el7_3.2
```
#### --xmlpkg
This will parse the XML file rpm-to-cve.xml for the package name given.
If there are results, the output will be pretty printed to the screen.
#### --pkg
This will send an API query to Red Hat's Security API.
`GET /cve.json?package=base_package_name`
The output will be pretty printed to the screen.
#### --cve
This will send an API query to Red Hat's Security API.
`GET /cve/CVE_ID.json`
The output will be pretty printed to the screen.
#### --cves-from-file
This command expects a file to be present with a single CVE id per line.
It sends as many batch API queries to Red Hat's Security API as the file requires, 500 CVE IDs per query.
`GET /cve/CVE_ID, CVE_ID, CVE_ID, CVE_ID, etc...`
The output will be pretty printed to the screen.
#### --advisory
This will send an API query to Red Hat's Security API.
`GET /cve.json?advisory=ADVISORY_ID`
The output will be pretty printed to the screen.
### helper shellscript
To quickly narrow the response down to the operating system and the package that needs to be upgraded, a helper shell script is provided in this repo.
It uses `jq` to filter the package that needs upgrading out of the Red Hat JSON API response. Example usage:
```
./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 6'
{
"cve_id": "CVE-2016-3627",
"product_name": "Red Hat Enterprise Linux 6",
"package_name": "libxml2-0:2.7.6-21.el6_8.1"
}
./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 7'
{
"cve_id": "CVE-2016-3627",
"product_name": "Red Hat Enterprise Linux 7",
"package_name": "libxml2-0:2.9.1-6.el7_2.3"
}
```
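As an added example (not code from this repo), the helper's product filter and the follow-up check a practitioner usually wants, in Ruby: is the installed NEVR older than the fixed one the API reports? The sample JSON is constructed in the shape of the `/cve/<CVE_ID>.json` response; the `affected_release` and `package` field names are an assumption about that API, and the comparison follows rpm's rpmvercmp rules without tilde/caret handling.

```ruby
require 'json'
# Constructed sample shaped like the Security Data API's GET /cve/<CVE_ID>.json
# response; field names are assumed from the API and trimmed to what is needed.
SAMPLE_CVE_JSON = <<~JSON
  {"name": "CVE-2016-3627", "affected_release": [
     {"product_name": "Red Hat Enterprise Linux 6", "package": "libxml2-0:2.7.6-21.el6_8.1"},
     {"product_name": "Red Hat Enterprise Linux 7", "package": "libxml2-0:2.9.1-6.el7_2.3"}]}
JSON
# The same filter the jq helper applies: fixed package(s) for one product.
def packages_for_product(cve_json, product_name)
  data = JSON.parse(cve_json)
  hits = Array(data['affected_release']).select { |r| r['product_name'] == product_name }
  hits.map { |r| { 'cve_id' => data['name'], 'product_name' => r['product_name'], 'package_name' => r['package'] } }
end
# Split "name-epoch:version-release", the NEVR form used in rpm-to-cve.xml.
def parse_nevr(nevr)
  m = nevr.match(/\A(.+)-(\d+):([^-]+)-([^-]+)\z/) or raise ArgumentError, "bad NEVR: #{nevr}"
  { name: m[1], epoch: m[2].to_i, version: m[3], release: m[4] }
end

# Segment-wise compare in the style of rpm's rpmvercmp (tilde/caret ordering omitted):
# digit runs compare numerically, letter runs lexically, digits outrank letters, leftovers win.
def rpmvercmp(a, b)
  a = a.dup; b = b.dup
  loop do
    a.sub!(/\A[^A-Za-z0-9]+/, ''); b.sub!(/\A[^A-Za-z0-9]+/, '')   # skip separators
    break if a.empty? || b.empty?
    numeric = a.match?(/\A\d/)
    pat = numeric ? /\A\d+/ : /\A[A-Za-z]+/
    sa = a.slice!(pat); sb = b.slice!(pat) || ''
    return (numeric ? 1 : -1) if sb.empty?                          # segment types differ
    if numeric
      sa = sa.sub(/\A0+/, ''); sb = sb.sub(/\A0+/, '')
      return sa.length <=> sb.length if sa.length != sb.length
    end
    return sa <=> sb unless sa == sb
  end
  return 0 if a.empty? && b.empty?
  a.empty? ? -1 : 1
end

# True when the installed NEVR is older than the fixed NEVR the API reports.
def needs_upgrade?(installed, fixed)
  x, y = parse_nevr(installed), parse_nevr(fixed)
  raise ArgumentError, 'package names differ' unless x[:name] == y[:name]
  cmp = x[:epoch] <=> y[:epoch]
  cmp = rpmvercmp(x[:version], y[:version]) if cmp.zero?
  cmp = rpmvercmp(x[:release], y[:release]) if cmp.zero?
  cmp < 0
end
```

Feed `needs_upgrade?` the NEVR from `rpm -q --qf '%{NAME}-%{EPOCHNUM}:%{VERSION}-%{RELEASE}\n' <pkg>` on the host and the `package_name` the helper prints to decide whether a given CVE still applies.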