lueschem / edi

Embedded development infrastructure.

https://www.get-edi.io

GNU Lesser General Public License v3.0

39 stars 12 forks source link

scan vulnerabilities of the debian environment #13

Open erickeller opened 7 years ago

erickeller commented 7 years ago

Issue Type

Enhancement

Environment detail

N./A.

Desired Behaviour

scan the debian environement and list vulnerabilities using the debsecan tool like following:

ROOTFS=...
DISTRIBUTION_CODENAME=$(grep "VERSION=" ${ROOTFS}/etc/os-release | sed -e "s/.* [(]\(.*\)[)].*/\1/g")
mkdir -p ${ROOTFS}/tmp/security
chroot ${ROOTFS} bash -x << EOF
debsecan --suite ${DISTRIBUTION_CODENAME} --format detail --only-fixed > /tmp/security/output.debsecan
EOF

lueschem commented 7 years ago

This would be a cool "selling feature": edi lxc scan CONTAINER_NAME or edi target scan IP_ADDRESS I did not know about debsecan - it looks like a useful tool.