#! /usr/bin/env python
# kernel-check -- Kernel security information
# Copyright 2009-2009 Gentoo Foundation
# Distributed under the terms of the GNU General Public License v2
import getopt
import portage
import sys
import os
import kernellib as lib
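def main(argv):
    """Entry point: report the running kernel's known vulnerability status.

    argv -- command-line arguments without the program name (sys.argv[1:]).

    Parses the options, prints the running kernel, integrated genpatch and
    system architecture, then summarises the CVE schedule built by
    ``lib.parse_cve_files``.  Required information that is missing (kernel
    version, architecture, vulnerability files) is reported with eerror and
    terminates the program with exit status 1, so callers scripting this
    tool can distinguish "checked" from "could not check".  ``-h``, ``-r``
    and ``-s`` end the program early.
    """
    output = portage.output.EOutput()
    info = output.einfo
    warn = output.ewarn
    error = output.eerror
    color = portage.output.colorize
    term = portage.output.get_term_size()

    try:
        opts, _args = getopt.getopt(argv, 'hnr:s:v',
                                    ['help', 'nocolor', 'report=', 'show=', 'verbose'])
    except getopt.GetoptError:
        usage()  # prints the help screen and exits; never returns

    for opt, arg in opts:
        if opt in ('-h', '--help'):
            usage()
        elif opt in ('-n', '--nocolor'):
            portage.output.nocolor()
        elif opt in ('-r', '--report'):
            # TODO report(arg) -- not implemented yet.  Say so instead of
            # returning silently, which would look like a successful run.
            warn('Option %s is not implemented yet' % opt)
            return
        elif opt in ('-s', '--show'):
            # TODO show_bugid(arg) -- not implemented yet (see above).
            warn('Option %s is not implemented yet' % opt)
            return
        elif opt in ('-v', '--verbose'):
            lib.VERBOSE = True

    print '>>> Gathering system information'
    kernel = lib.extract_version(os.uname()[2])
    if kernel is None:
        error('No kernel information found!')
        sys.exit(1)
    info('Kernel version: %s' % color('GOOD', '%s-%s' %
                                      (kernel.version, kernel.revision)))
    info('Kernel sources: %s' % color('GOOD', kernel.source))
    # kernel.source is only safe to read after the None check above.
    best = lib.best_version(kernel.source)

    genpatch = lib.get_genpatch(lib.read_genpatch_file('out'), kernel)
    if genpatch is not None:
        info('Integrated genpatch: %s' % color('GOOD', '%s %s' %
                                               (genpatch.version, repr(genpatch))))
    else:
        warn('No genpatch information found!')

    arch = portage.settings['ARCH']
    if not arch:
        error('No system architecture found!')
        sys.exit(1)
    info('System architecture: %s' % color('GOOD', arch))

    print '\n>>> Reading all kernel vulnerabilities'
    schedule = lib.parse_cve_files('out', kernel, best, arch)
    if schedule is None:
        error('No vulnerability files found!')
        sys.exit(1)
    info('%s files read' % color('GOOD', str(schedule.read)))
    info('%s match this system' % color('GOOD', str(schedule.match)))
    info('%s have been fixed' % color('GOOD', str(schedule.fixed)))
    if schedule.canfix:
        error('%s can be fixed by upgrading' %
              color('BAD', str(len(schedule.canfix))))
    else:
        info('No vulnerability can be fixed by upgrading')
    if schedule.notfix:
        warn('%s have not been fixed yet' %
             color('WARN', str(len(schedule.notfix))))
    else:
        info('No vulnerability have not been fixed yet')

    if schedule.canfix:
        # Width left for the description once the indentation and quotes are
        # accounted for.  NOTE(review): assumes get_term_size() returns
        # (lines, columns) -- confirm.  Clamped so a very narrow terminal
        # cannot turn the slice into a negative index.
        width = max(term[1] - 14, 0)
        print '\nThese could be fixed by upgrading:'
        for item in schedule.canfix:
            print '\n Bugid %s:' % item.bugid
            for cve in item.cves:
                print ' %s - %s\n "%s..."' % (cve.cve, cve.severity,
                                                cve.desc[:width])
        print ''
        info('To print more information about a vulnerability try:')
        # The option that shows a bug is -s/--show (see getopt spec above).
        info(' $ %s -s [bugid]' % sys.argv[0])
        info('')
        info('It is recommended to upgrade your kernel to [%s]' %
             color('GOOD', best))
    else:
        info('')
        info('Your kernel is up to date!')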
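def usage():
    """Print the usage screen and terminate.

    Never returns: ends the program via ``sys.exit()`` (status 0), which is
    why callers can invoke it without handling a return value.
    """
    name = sys.argv[0]
    # Strip a trailing '.py' only when it is present; blindly dropping the
    # last three characters mangles the name of the installed command.
    if name.endswith('.py'):
        name = name[:-3]
    print 'Usage: %s [OPTION]...' % name
    print 'Kernel security information\r\n'
    print ' -h, --help display help information'
    print ' -n, --nocolor disable colors'
    print ' -r, --report [file] create a security report'
    print ' -s, --show [bugid] display information about a bug'
    print ' -v, --verbose display debugging information'
    print '\r\nVersion: %s' % lib.VERSION
    sys.exit()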
# Script entry: pass the arguments without the program name; main() does
# its own option parsing and exits on error.
if __name__ == '__main__':
    main(sys.argv[1:])