diff options
author | mboelen <michael@cisofy.com> | 2014-10-27 01:33:26 +0300 |
---|---|---|
committer | mboelen <michael@cisofy.com> | 2014-10-27 01:33:26 +0300 |
commit | 46de3f8d99cc09ed752286fd6f326d8f38b3b7f6 (patch) | |
tree | d1aac9aef52a067df186bc61da1f3d53f161cdca | |
parent | 410861f4dffb33e0afa6d52f7847c31e8954b3ea (diff) |
Hide RPM related database errors, show suggestion instead
-rw-r--r-- | include/tests_ports_packages | 3 | ||||
-rw-r--r-- | include/tests_shells | 5 |
2 files changed, 5 insertions, 3 deletions
diff --git a/include/tests_ports_packages b/include/tests_ports_packages index 417f0124..620aa273 100644 --- a/include/tests_ports_packages +++ b/include/tests_ports_packages @@ -167,10 +167,11 @@ logtext "Test: Querying 'rpm -qa' to get package list" Display --indent 6 --text "- Querying RPM package manager" logtext "Output:"; logtext "--------" - SPACKAGES=`${RPMBINARY} -qa | sort` + SPACKAGES=`${RPMBINARY} -qa 2> /dev/null | sort` if [ "${SPACKAGES}" = "" ]; then logtext "Result: RPM binary available, but package list seems to be empty" logtext "Info: looks like the rpm binary is installed, but not used for package installation" + ReportSuggestion "${TEST_NO}" "Check RPM database as RPM binary available but does not reveal any packages" else for J in ${SPACKAGES}; do N=`expr ${N} + 1` diff --git a/include/tests_shells b/include/tests_shells index e9a74ddc..5d0fa442 100644 --- a/include/tests_shells +++ b/include/tests_shells @@ -251,9 +251,10 @@ rm -f ${SHELLSHOCK_TMP} if [ ! "${VULNERABLE}" = "" ]; then logtext "Output: ${VULNERABLE}" - logtext "Result: Vulnerable to original shellshock (CVE-2014-6277)" + logtext "Result: Vulnerable to original shellshock (CVE-2014-6277). This may not be a security risk, as distributions patched it. Still it shows your bash is vulnerable for crashing." Display --indent 2 --text "- Shellshock: CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "WARNING" --color RED - FOUND=1 + # Do not trigger the warning for this particular test. Most distributions did actually patch it to reduce the security risks, while allowing it still to segfault. + #FOUND=1 else logtext "Result: Not vulnerable to original shellshock (CVE-2014-6277)" #Display --indent 4 --text "- CVE-2014-6277 (segfault, lcamtuf bug #1)" --result "OK" --color GREEN |