diff --git a/security_tools/redhat_tools/README.md b/security_tools/redhat_tools/README.md new file mode 100644 index 0000000..4090524 --- /dev/null +++ b/security_tools/redhat_tools/README.md 
@@ -0,0 +1,92 @@ +# RPM Pkg Audit +This command-line program cn be used to query data against Redhat's Security API. + +## Usage: +``` +Usage: rpm_pkg_audit.rb [options] + -p, --pkg PKGNAME Takes a base pkg name and returns cves from redhats security API. + -l, --list List packages in the XML datafile. + -x, --xmlpkg PKGNAME The pkg name you want to audit from xml file rpm-to-cve.xml + -r, --refresh Refresh rpm-to-cve.xml file with latest pkgs and cves + -c, --cve CVE-2020-1234 Takes a cve id and returns cve json from redhats security API. + -f, --cves-from-file cves.txt Takes a file one cve id per line and sends a batch request to redhat security API + -a, --advisory RHSA-2019:0997 Takes a RHSA advisory and sends an API request to redhat RHSA-2015:2155 +``` + + +#### --refresh +By default there needs to be a ./data directory in the project where running the script. It needs to have an XML file named rpm-to-cve.xml inside of the data dir. This file is sourced from [here](https://www.redhat.com/security/data/metrics/rpm-to-cve.xml). You can run the --refresh command to download a fresh copy of this file. + +#### --list +This will list out all of the packages that are present in the XML file rpm-to-cve.xml. You can pipe the output to grep to search for specific package names. 
+``` +./rpm_pkg_audit.rb --list | grep ^sudo-devel +sudo-devel-0:1.8.19p2-12.el7_4.1 +sudo-devel-0:1.8.19p2-14.el7_5.1 +sudo-devel-0:1.8.23-3.el7_6.1 +sudo-devel-0:1.8.23-4.el7_7.1 +sudo-devel-0:1.8.23-4.el7_7.2 +sudo-devel-0:1.8.6p3-12.el6 +sudo-devel-0:1.8.6p3-12.el6_5.2 +sudo-devel-0:1.8.6p3-15.el6_6.2 +sudo-devel-0:1.8.6p3-19.el6 +sudo-devel-0:1.8.6p3-25.el6_8 +sudo-devel-0:1.8.6p3-28.el6_9 +sudo-devel-0:1.8.6p3-29.el6_10.2 +sudo-devel-0:1.8.6p3-29.el6_10.3 +sudo-devel-0:1.8.6p3-29.el6_9 +sudo-devel-0:1.8.6p3-7.el6 +sudo-devel-0:1.8.6p7-16.el7 +sudo-devel-0:1.8.6p7-17.el7_2.2 +sudo-devel-0:1.8.6p7-20.el7 +sudo-devel-0:1.8.6p7-21.el7_3 +sudo-devel-0:1.8.6p7-22.el7_3 +sudo-devel-0:1.8.6p7-23.el7_3 +sudo-devel-0:1.8.6p7-23.el7_3.2 +``` + +#### --xmlpkg +This will parse the XML file rpm-to-cve.xml for the package name given. +If there are results, the output will be pretty printed to the screen. + +#### --pkg +This will send an API query to Redhat's Security API. +`GET /cve.json?package=base_package_name` +The output will be pretty printed to the screen. + +#### --cve +This will send an API query to Redhat's Security API. +`GET /cve/CVE_ID.json` +The output will be pretty printed to the screen. + +#### --cves-from-file +This command expects a file to be present with one single CVE id per line. +This will send X num of batch API query to Redhat's Security API depending how many are in the txt file. 500 CVE IDS per API query +`GET /cve/CVE_ID, CVE_ID, CVE_ID, CVE_ID, etc...` +The output will be pretty printed to the screen. + +#### --advisory +This will send an API query to Redhat's Security API. +`GET /cve.json?advisory=ADVISORY_ID` +The output will be pretty printed to the screen. + +### helper shellscript +To filter out operating system and the package that needs to be upgraded to quickly there is a helper shellscript provided in this repo. +It uses `jq` to quickly filter out the package needed to be upgraded from the redhat json api response data. 
Example usage: + +``` +./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 6' [4:28:57] +{ + "cve_id": "CVE-2016-3627", + "product_name": "Red Hat Enterprise Linux 6", + "package_name": "libxml2-0:2.7.6-21.el6_8.1" +} + +./rhel_pkg_upgrade_for_cve.sh CVE-2016-3627 'Red Hat Enterprise Linux 7' +{ + "cve_id": "CVE-2016-3627", + "product_name": "Red Hat Enterprise Linux 7", + "package_name": "libxml2-0:2.9.1-6.el7_2.3" +} + +```a
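Review bot: The request line documented under `--cves-from-file`, `GET /cve/CVE_ID, CVE_ID, CVE_ID, CVE_ID, etc...`, does not match the shape of the other endpoints in this README, which all carry a `.json` suffix (`GET /cve/CVE_ID.json`, `GET /cve.json?package=...`, `GET /cve.json?advisory=...`); please document the exact batch request the script sends, including how the 500-ID chunks are joined, so a reader can reproduce or audit the query. In the same usage block, the `--advisory` help text names two different advisories (`RHSA-2019:0997` and `RHSA-2015:2155`) in one line, which reads as a copy-paste leftover; one example ID is enough. Smaller points: "cn be used" in the intro should be "can be used"; the `[4:28:57]` after the first `rhel_pkg_upgrade_for_cve.sh` invocation is a shell prompt timestamp that should be stripped from the example; the final code fence closes with ```a instead of ```; and the `--refresh` section should say what the script does when `./data` or `rpm-to-cve.xml` is missing (create it, or fail with a message) rather than only stating that it "needs to be" there.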