Package Audit Tool
Does Arch Linux have a package auditing tool?
I know Arch is usually on top of most packages. I recently completed a scan of an Arch system that suggested installing a package audit tool to determine vulnerable packages. I know some OS', like FreeBSD, have an option to scan for vulnerable packages and ports, but I didn't find anything in the wiki that was comparable.
tzoi516 wrote:
Does Arch Linux have a package auditing tool?
I know Arch is usually on top of most packages. I recently completed a scan of an Arch system that suggested installing a package audit tool to determine vulnerable packages. I know some OS', like FreeBSD, have an option to scan for vulnerable packages and ports, but I didn't find anything in the wiki that was comparable.
As far as I know, no such tool currently exists. But the Arch CVE Monitoring Team has expressed ideas for eventually making a tool. For now one can follow the security mailing list for advisories.
Similar Messages
-
WLS 8.1 - Entity Beans CMP - Oracle 10g Audit Tool
Hi,
We are defining the architecture of a new application on WebLogic Server 8.1 and Oracle 10g.
We are thinking in using CMP Entity Beans and we need to integrate our system with Oracle Audit Tool.
Can anybody give us some information about this issue ?
Thanks,
Javier CanoI really don't see the point of using CMP with an expensive, fully featured database like Oracle. MySQL or a flat file maybe. Otherwise it is just a waste of purchased resources.
-
Hi,
Created an installer i.e, meta package using package maker tool. I want to prevent downgrading of the application or package on the target/installed volume.
Problem is, if there is a newer version of app and when I try to install any older version, then it does not throw any error message to the end user and replaces the existing newer version with the older version of app, which should not happen. But, if I check the package version using version comparison of Package maker tool, that works fine with flat packages i.e, with the .pkg files. So, I need the solution for metapackages(.mpkg) and want to prevent downgrading of app for metapackages. I am not getting any solutions for this. Can someone guide me on this?
Thanks for the help provided.
Hi,
Created an installer i.e, meta package using package maker tool. I want to prevent downgrading of the application or package on the target/installed volume.
Problem is, if there is a newer version of app and when I try to install any older version, then it does not throw any error message to the end user and replaces the existing newer version with the older version of app, which should not happen. But, if I check the package version using version comparison of Package maker tool, that works fine with flat packages i.e, with the .pkg files. So, I need the solution for metapackages(.mpkg) and want to prevent downgrading of app for metapackages. I am not getting any solutions for this. Can someone guide me on this?
Thanks for the help provided.
-
Hi, Is there any audit tool which can provide us with the details fo the transaction code being used by a particular user along with the data being accessed / activity being performed by using the said t-code.
Kindly let me know as soon as possible.> 1. Use sm20 and sm21 for audit logs. Check settings via sm19.
> 2. Run st03n for txn details and users.
> 3. Run STAD but you will get limited historical data.
> 4. Run table SGOSHIST.
> 5. Run SCU3 to check table data for logged tables.
> 6. Table CDHDR for Header entry change.
In addition to that you can use various server (specific) logs and extended tracing capabilities, some of which will have performance impacts.
Lets wait for more information about the use-case before answering further.
Cheers,
Julius
ps: Generally, please try to answer "good" questions. Some lazy questions from repeat offenders who do not make any attempt to search on their own might be deleted. -
Formula auditing tools in Numbers ´09?
Are there any formula auditing tools/functions in Numbers ´09?
In MS Excel, this features are of great help!Only the automatic syntax checking and error messages on execution, so far as I know. Perhaps a fuller description of what you expect from these tools/functions would assist responders in finding suggestions on how to accomplish similar results.
Regards,
Barry -
Need powerful network auditing tools...
Hi all,
We are looking to purchase powerful network auditing tools to do auditing for our big MNC customers.
Shall I get your recommendations about which products are number one with excellent feature set in Network auditing area?
Regards...
-Ashok.Hi all,
Can anybody help with my query?
Regards...
-Ashok. -
Howto - JDev 10.1.3 - Audit tools and Ant
Hi
I'm playing around with Audit tools. I want to be able to call this from Ant. One primitive method is as follows:
<target name="Audit" description="Running audit on source code">
<property name="audit" value="ojaudit"/>
<property name="profile" value="-profile MyRules"/>
<property name="project" value="test3.jpr"/>
<property name="output" value="-output d:\result.xml"/>
<exec executable="cmd.exe" os="Windows XP" >
<arg line="/c ${audit} ${profile} ${project} ${output}"/>
</exec>
</target>
With results like:
Audit:
[exec] Oracle JDeveloper 10g Early Access Audit 10.1.3.0.3.3412
[exec] Copyright (c) 2003-2005 Oracle. All Rights Reserved.
[exec]
[exec] Audit completed: 1 violation, no exceptions, 2 documents, 3 seconds
BUILD SUCCESSFUL
Total time: 3 seconds
But then I'm unable to handle the result - unless I parse the output file. I want the Ant build file to fail if ojaudit find errors. Is this possible?
I know the PMD extension exist but I really like the Jdev Audit stuff - but I need an interface to Ant to make it really useful: We have a build tool which build on every SCM check in. I would like the JDev Audit be part of that process so that source code problems (audit, metrics) are handles in the same process as well.
By the way JDev 10.1.3 is great...
johnnyNo not really (thanks anyway). The link shows basically the same as my input except for the better formatting of the output.
Both my and the example given both uses the Ant <exec> tag which start ojaudit from the command line. The problems still exist because I would like Ant to know if something was reported and the stop the Ant build process. A kind of "failOnValidationError".
PMD has this (example below shows and Ant tag called pmd which is part of the PMD system.
<pmd printToConsole="yes" failOnRuleViolation="on">
Can ojaudit also do something like this? Or is there a way Ant can "scan" the result from the audit process and take the appropriate action? -
Any code analysis , audit tool for adf
Hi,
Anyone aware of any code analysis and audit tool for ADF.
Thanks,
Rohitduplicate.
Free Security testing tool ADF
Edited by: ADF 7 on Jan 18, 2012 11:05 PM -
is there any best FWSM and ASA auditing tool which does'nt impact the firewall functioning
If you need to monitor only the users activity and check files (and binaries) integrity, you can use what we call File Integrity Checker, like Tripwire, AIDE, Samhain .
ciao
E. -
OpenG Package Builder tool 0.1-alpha6 released
Hello Everyone,
There is a new version of the OpenG Package
Builder tool (ogrsc_package_builder package) available. This tool
allows you to create package files that can be installed using VI Package Manager.
This release resolves an issue caused by a LabVIEW 8.x bug with handling variant coercion (see here for bug details).
See here for more info about this release.
You can download and install this library (as well as all the OpenG libraries) using VI Package Manager.
Thank you,
Message Edited by Jim Kring on 03-04-2007 10:58 PM
Attachments:
package_builder.png 28 KBBob Y. wrote:
OK, but what is it and why should I use it? What need does it fulfill? I have been unable to find much documentation for this at the wiki page and maybe a couple of paragraphs here would help.
Thanks,
Bob Young
Hi Bob,
Yes, this info got burried. Basically, it's a tool for building LabVIEW-based software products. It is highly flexible/extensible and tries to fill the holes left by LabVIEW's built-in Application Builder. Here are some good links to more info:
OpenG Builder Homepage
OpenG Builder 1.0 Documentation
Thanks,
-Jim -
Does anyone know if Cisco has a free network security audit tool?
Does anyone know if Cisco has a free network security audit too
No there is no free network security audit tool but you can using any of the commercial and open source tools for the same purpose
**********Do rate helpful posts************* -
How to package DPS Tools for InDesign CC
Hi,
We are using the creative cloud packager to deploy Adobe CC at my College. I tried integrating the DPS tools version 32 for Indesign CC 2014 :
http://www.adobe.com/support/downloads/product.jsp?product=182&platform=Macintosh
But it doesn't work. Here's what I tried
Start Indesign and go in Help > updates. Doesn't work because it is greyed out
Building a new package and give it the path to the patch folder (AdobeDigitalPublishingCC2014)
Simply double click on the patch on one of the computers. Doesn't work, it says that the updates are disabled.
Is there a way to enable software updates once Adobe CC is deployed? If not, how can we package the updates in our installer.
Thank you!
MartinHi dshink,
Kindly check : Disable auto-updates | Application Manager | IT administrators
Please revert if the problem persists.
Thanks,
Atul Saini -
SQL SERVER AUDITING TOOL.
hi
I am configuring Auditing on SLQ Server 2008 and 2012
My main target is to Audit for DML (Delete and Update) operations for few specific AD GROUPS, which are having multiple domain accounts and sql accounts as AD Group members.
Everything is done perfectly if I audit any domain account or any sql server account individually. but if I audit for a AD Group in that case I am not getting any result .
for better understand ..
suppose we have accounts (sQL and Domain) which are member of AD Groups having 'SA'
if I individually audit all those domain account as Principal Name I can see the result (Delete,Update) but if I Audit for the AD Group as principal nothing is showing ..
Please help me how to audit AD Group .. in our environment we have AD groups which are having 100 of members for any particular AD Group and we have several AD Groups which we need to Audit.
GGI would suggest go ahead with thirdparty tools for sql & windows...
Quest is best option if you wish...
http://www.quest.com/change-auditor-for-sql-server/
http://www.quest.com/change-auditor-for-active-directory/
And few others...
http://www.mssqltips.com/products.asp?catid=4
Raju Rasagounder Sr MSSQL DBA -
Web Application - Installation Package - Which Tools?
Good afternoon everybody.
I'm on the main Java forum, so I hope somebody will help me with my problem.
I have to make installation package for my web application. This app is written using JSP and Servlets technologies. It uses Apache Tomcat + PostgreSQL database. I need to create such package which will be able to install Apache Tomcat if it's necessary, then deploy there my web-app, then install PostgreSQL if necessary (if it's not installed).
Some people advised me these tools: InstallAnywhere, NSIS. In plus I've found here the topic about installation package: http://forum.java.sun.com/thread.jspa?threadID=758179 . There are advised: Advansed Install and Inno Setup.
I tried InstallAnywhere, Advanced Install, Inno Setup - and found out that all these is not for WEB applications. All of it is for services or desktop apps and needs main classes to be chosen.
But how to be in my case? Will NSIS help me in it? Or maybe somebody knows another tool? I'm sure that some people here did such things already, because here are professionals. Can anybody help me please?
Huge thanks in advance!Hello, man!
I am using Inno Setup - it is really powerfull tool. It is not for web-apps but I don't hear anything about special installers for this stuff.
However, I think you're able to do what you want with this. You just need some other tools like Ant or Maven. Why don't you generate ant-script for your application? You will need install Apache, Ant, Other files, and then just execute ant on build.xml.
So the idea is to do something with other tools if you can't do it with the help of installer.
Bye! -
Audit tool which generates Users, Roles, Auth objects, and Values
Hi,
I have a list regarding authorization provided by auditors.
Here I want to know how the auditors generated the list.
Do you know the transaction code or the program ID.....?
Probably the data in the list was extracted from our system, and some data were manually processed or added.
Hard to write down but fields and examples appear in the list;
-FIELDS-
User
Group
Full Name
Rule
Side
Operator
Role
Authorization
Attribute
Attribute Value
Associated Role
Associated Authorization
Associated Attribute
Associated Attribute Value
-EXAMPLES-
testuser01
group001
user01 test
Create Maintain Sales Order vs Create Maintain Customer Master Records
LHS
Any
Z_ROLETEST_001
Authorization=T-D524126500, Object=S_TCODE
TCD
FB01
Z_ROLETEST_002
Authorization=T-D524126600, Object=F_BKPF_BUK
ACTVT
1
Thank you in advance.
/Y.Shirako> Install ABAP on your system which provides files for them to crunch in an SQL (or similar) database.
> Tool extracts data via RFC calls into your system that is then processed externally.
Yes, the interfaces of those tools are often a hazard in themselves...
I typically recommend customers to delete them completely. Sometimes this comment also exists in the code itself, but who reads code now-a-days in GRC projects, and why should they have to? ;-(
This looks very much like one of those tools (where the SQL statements are built externally).
Cheers,
Julius
Maybe you are looking for
-
Help All icons now tiny on my 27" iMac. Can't find anything in preferences to change the sizes.
-
Need a document for field exit....urgent
Can any one please send a document for field exit or have a simple document on how to work on a field exit with screen shots. pls send it ...its urgent Thanks and regards Nandha kumar R
-
Interface and SAP system issue
hi Experts Scenario : We have External system (Interface) and SAP system. GR usually done in External system for stock materials PO , then it will transfered and updated in SAP system thro IDOC daily bases. And then in SAP ,Zreport is there to find o
-
How to add arguments and switches to AUT
Hi, Usually when I start my AUT from terminal, I will use command like for example $ ./appname.bin This is internally called from RCPTT when it calls AUT. But some times I have to pass some arguments and switches. How shall I do that? Take for exampl
-
Putaway of Handling units via Inbound delviery
Hi, I have configured HUM for my warehouse & am putting away my handling units via Inbound delivery. The system currently generates a transfer order for each & every HU/ storage unit that is created. But i would like to create one single transfer ord