From 298a322f3eec7e1a53ba8eb2d581ff2d562db6bb Mon Sep 17 00:00:00 2001 From: Adrian Portelli Date: Thu, 3 Jul 2008 21:55:39 +0000 Subject: [PATCH] The audit-system program compares the programs, utilities, libraries and kernel with the system-vulnerabilities file and reports any known security issues to standard output. This output contains the name and version of the vulnerable component, the type of vulnerability, and a URL for further information for each vulnerability. NOTE: NetBSD ONLY --- audit-system/DESCR | 5 + audit-system/Makefile | 55 ++++++ audit-system/PLIST | 5 + audit-system/TODO | 11 ++ audit-system/files/audit-get-ident | 43 +++++ audit-system/files/audit-get-mtime | 58 ++++++ audit-system/files/audit-get-objdump | 58 ++++++ audit-system/files/audit-system | 252 +++++++++++++++++++++++++++ audit-system/files/audit-system.8 | 214 +++++++++++++++++++++++ 9 files changed, 701 insertions(+) create mode 100644 audit-system/DESCR create mode 100644 audit-system/Makefile create mode 100644 audit-system/PLIST create mode 100644 audit-system/TODO create mode 100755 audit-system/files/audit-get-ident create mode 100755 audit-system/files/audit-get-mtime create mode 100755 audit-system/files/audit-get-objdump create mode 100755 audit-system/files/audit-system create mode 100644 audit-system/files/audit-system.8 diff --git a/audit-system/DESCR b/audit-system/DESCR new file mode 100644 index 0000000000..d480c41003 --- /dev/null +++ b/audit-system/DESCR @@ -0,0 +1,5 @@ +The audit-system program compares the programs, utilities, libraries and +kernel with the system-vulnerabilities file and reports any known security +issues to standard output. This output contains the name and version of +the vulnerable component, the type of vulnerability, and a URL for further +information for each vulnerability. diff --git a/audit-system/Makefile b/audit-system/Makefile new file mode 100644 index 0000000000..12ed9bd273 --- /dev/null +++ b/audit-system/Makefile @@ -0,0 +1,55 @@ +# $NetBSD: Makefile,v 1.1.1.1 2008/07/03 21:55:39 adrian_p Exp $ +# + +DISTNAME= audit-system-0.01 +CATEGORIES= pkgtools +MASTER_SITES= # empty +DISTFILES= # empty + +MAINTAINER= adrianp@NetBSD.org +HOMEPAGE= http://www.NetBSD.org/support/security/ +COMMENT= Verifier for NetBSD packages and complete pkgsrc tree + +WRKSRC= ${WRKDIR} +EXTRACT_ONLY= # empty +NO_CHECKSUM= yes +NO_BUILD= yes +NO_MTREE= yes +USE_LANGUAGES= # none + +#ONLY_FOR_PLATFORM= NetBSD-*-* + +AS_FILES= audit-get-ident audit-get-mtime audit-get-objdump audit-system \ + audit-system.8 + +USE_TOOLS+= awk cp mv ident + +.include "../../mk/bsd.prefs.mk" + +STAT?= /usr/bin/stat +OBJDUMP?= /usr/bin/objdump + +SUBST_CLASSES+= tools +SUBST_STAGE.tools= post-configure +SUBST_FILES.tools+= audit-get-ident audit-get-mtime audit-get-objdump +SUBST_FILES.tools+= audit-system +SUBST_SED.tools= -e "s|@AWK@|${AWK}|g" +SUBST_SED.tools+= -e "s|@SH@|${SH}|g" +SUBST_SED.tools+= -e "s|@CP@|${CP}|g" +SUBST_SED.tools+= -e "s|@MV@|${MV}|g" +SUBST_SED.tools+= -e "s|@IDENT@|${IDENT}|g" +SUBST_SED.tools+= -e "s|@OBJDUMP@|${OBJDUMP}|g" +SUBST_SED.tools+= -e "s|@STAT@|${STAT}|g" + +do-extract: +. for f in ${AS_FILES} + ${CP} ${FILESDIR}/${f} ${WRKSRC} +. endfor + +do-install: + ${INSTALL_SCRIPT} ${WRKSRC}/audit-get-ident ${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/audit-get-mtime ${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/audit-get-objdump ${PREFIX}/bin + ${INSTALL_SCRIPT} ${WRKSRC}/audit-get-system ${PREFIX}/bin + +.include "../../mk/bsd.pkg.mk" diff --git a/audit-system/PLIST b/audit-system/PLIST new file mode 100644 index 0000000000..e337a3ad64 --- /dev/null +++ b/audit-system/PLIST @@ -0,0 +1,5 @@ +@comment $NetBSD: PLIST,v 1.1.1.1 2008/07/03 21:55:39 adrian_p Exp $ +bin/audit-get-ident +bin/audit-get-mtime +bin/audit-get-objdump +bin/audit-system diff --git a/audit-system/TODO b/audit-system/TODO new file mode 100644 index 0000000000..cc1b56d3cf --- /dev/null +++ b/audit-system/TODO @@ -0,0 +1,11 @@ +- Enable ONLY_FOR_PLATFORM +- Move scripts off to their own directory e.g. ${PREFIX}/share/audit-system ? +- Merge all audit-get-* into one file and just .source it ? +- Split audit-system into download-xxx-list and audit-system e.g. audit-packages +- Update man page +- Install man page +- Create basic system-vulnerabilities file to test with (e.g. just 2008 issues) +- Sign system-vulnerabilities file +- Check signature on downloads system-vulnerabilities file +- Merge in work from pkgsrccon '07 +- Lot's more . . . . diff --git a/audit-system/files/audit-get-ident b/audit-system/files/audit-get-ident new file mode 100755 index 0000000000..fac53eb8b0 --- /dev/null +++ b/audit-system/files/audit-get-ident @@ -0,0 +1,43 @@ +#! @SH@ +# +# $NetBSD: audit-get-ident,v 1.1.1.1 2008/07/03 21:55:40 adrian_p Exp $ +# +# Copyright (c) 2008 The NetBSD Foundation, Inc. +# All rights reserved. +# +# This code is derived from software contributed to The NetBSD Foundation +# by Alistair Crooks. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +@IDENT@ $1 | @AWK@ ' +NR == 1 { latest = 0; next } +$1 == "$NetBSD:" { + gsub("/", "", $4); + if ($4 > latest) { + latest = $4; + } +} +END { + print latest +}' diff --git a/audit-system/files/audit-get-mtime b/audit-system/files/audit-get-mtime new file mode 100755 index 0000000000..5abae96289 --- /dev/null +++ b/audit-system/files/audit-get-mtime @@ -0,0 +1,58 @@ +#! @SH@ +# +# $NetBSD: audit-get-mtime,v 1.1.1.1 2008/07/03 21:55:40 adrian_p Exp $ +# +# Copyright (c) 2008 The NetBSD Foundation, Inc. +# All rights reserved. +# +# This code is derived from software contributed to The NetBSD Foundation +# by Alistair Crooks. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +@STAT@ -l $1 | @AWK@ ' +BEGIN { + months["Jan"] = "01"; + months["Feb"] = "02"; + months["Mar"] = "03"; + months["Apr"] = "04"; + months["May"] = "05"; + months["Jun"] = "06"; + months["Jul"] = "07"; + months["Aug"] = "08"; + months["Sep"] = "09"; + months["Oct"] = "10"; + months["Nov"] = "11"; + months["Dec"] = "12"; + latest = 0; +} +{ + d = sprintf("%s%s%s", $9, months[$6], $7); + if (d > latest) { + latest = d; + } +} +END { + print latest +} +' diff --git a/audit-system/files/audit-get-objdump b/audit-system/files/audit-get-objdump new file mode 100755 index 0000000000..cc4eff00a0 --- /dev/null +++ b/audit-system/files/audit-get-objdump @@ -0,0 +1,58 @@ +#! @SH@ +# +# $NetBSD: audit-get-objdump,v 1.1.1.1 2008/07/03 21:55:40 adrian_p Exp $ +# +# Copyright (c) 2008 The NetBSD Foundation, Inc. +# All rights reserved. +# +# This code is derived from software contributed to The NetBSD Foundation +# by Alistair Crooks. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +@OBJDUMP@ -a $1 | @AWK@ ' +BEGIN { + months["Jan"] = "01"; + months["Feb"] = "02"; + months["Mar"] = "03"; + months["Apr"] = "04"; + months["May"] = "05"; + months["Jun"] = "06"; + months["Jul"] = "07"; + months["Aug"] = "08"; + months["Sep"] = "09"; + months["Oct"] = "10"; + months["Nov"] = "11"; + months["Dec"] = "12"; + latest = 0; +} +NF == 8 { + d = sprintf("%s%s%s", $7, months[$4], $5); + if (d > latest) { + latest = d; + } +} +END { + print latest +} +' diff --git a/audit-system/files/audit-system b/audit-system/files/audit-system new file mode 100755 index 0000000000..93c6c8a913 --- /dev/null +++ b/audit-system/files/audit-system @@ -0,0 +1,252 @@ +#! @SH@ +# +# $NetBSD: audit-system,v 1.1.1.1 2008/07/03 21:55:40 adrian_p Exp $ +# +# Copyright (c) 2008 The NetBSD Foundation, Inc. +# All rights reserved. +# +# This code is derived from software contributed to The NetBSD Foundation +# by Alistair Crooks. +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions +# are met: +# 1. Redistributions of source code must retain the above copyright +# notice, this list of conditions and the following disclaimer. +# 2. Redistributions in binary form must reproduce the above copyright +# notice, this list of conditions and the following disclaimer in the +# documentation and/or other materials provided with the distribution. +# +# THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS +# ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED +# TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR +# PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS +# BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR +# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF +# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS +# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN +# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE +# POSSIBILITY OF SUCH DAMAGE. +# + +AWK=@AWK@ +CHMOD=/bin/chmod +CKSUM=/usr/bin/cksum +MKDIR=/bin/mkdir +FIND=/usr/bin/find +FTP=/usr/bin/ftp +MV=/bin/mv +RM=/bin/rm + +ERR_DOWNLOAD="Please run $0 -d." +ERR_UPGRADE="Please upgrade audit-system to the newest version." + +: ${SYSVULNDIR=/var/db} +: ${FETCH_PROTO=ftp} +: ${FTP=ftp} + +FTP_ARGS="-o" + +FORMAT_MAJOR=1 +FORMAT_MINOR=0 +FORMAT_TEENY=0 + +# print a usage message and then die +usage() { + argv0="${1##*/}" + cat <&2; exit 1) + fi + case ${FETCH_PROTO} in + http) ;; + ftp) ;; + *) echo "Unknown FETCH_PROTO specified - Only http and ftp are currently supported." + exit 1 + ;; + esac + + (cd ${SYSVULNDIR} + ${FTP} ${FTP_ARGS} "${newvullist}" "${vulsource}" + + # see if we got a file + if [ ! -f "${newvullist}" ]; then + echo "***WARNING*** Download of vulnerabilities file failed" 1>&2 + exit 1 + fi + + # see if the file got damaged while it was being downloaded + check_integrity "${newvullist}" "downloaded vulnerability list" + case "$errmsg" in + "") ;; + *) echo "$errmsg" 1>&2 + ${RM} -f "${newvullist}" + exit 1 + ;; + esac + + # test to see if file has been changed + neednew=false + if [ -f "$vuls" ]; then + oldsum=$(${AWK} '$1 == "#CHECKSUM" { print $3 }' "$vuls") + if [ "$oldsum" != "$calcsum" ]; then + neednew=true + fi + else + neednew=true + fi + + # if we need the new file, move it into position + if $neednew; then + echo "System vulnerabilities file has been updated" + ${CHMOD} a+r ${newvullist} + ${MV} -f ${newvullist} "$vuls" + else + echo "No change from existing system vulnerabilities file" + ${RM} -f ${newvullist} + fi) +esac + +errmsg="" + +# check for missing vulnerabilities file +if [ ! -f "$vuls" ]; then + errmsg="Missing vulnerabilities file $vuls" + errsolution="$ERR_DOWNLOAD" +fi + +# check for old vulnerabilities file if we're being verbose +case "$errmsg" in +"") case "$verbose" in + # XXX: quote vuls + yes) [ -n "$(${FIND} $vuls -ctime +7)" ] && echo "*** WARNING - $vuls more than a week old, continuing..." ;; + esac + ;; +esac + +# check format version of vulnerabilities file +case "$errmsg" in +"") file_major=$(${AWK} '/^#[ \t]*FORMAT/ { split($NF, a, "\\."); print a[1]; exit; }' "$vuls") + file_minor=$(${AWK} '/^#[ \t]*FORMAT/ { split($NF, a, "\\."); print a[2]; exit; }' "$vuls") + file_teeny=$(${AWK} '/^#[ \t]*FORMAT/ { split($NF, a, "\\."); print a[3]; exit; }' "$vuls") + if [ -z "$file_teeny" ] ; then + file_teeny=0 + fi + if [ "x$file_major" = "x" -o "x$file_minor" = "x" ]; then + errmsg="No file format version found in $vuls" + errsolution="$ERR_DOWNLOAD" + elif [ "$file_major" -ne "$FORMAT_MAJOR" -o "$file_minor" -gt "$FORMAT_MINOR" ]; then + errmsg="Unsupported file format version $file_major.$file_minor${file_teeny:+.${file_teeny}} in $vuls (supported version: $FORMAT_MAJOR.$FORM +AT_MINOR.$FORMAT_TEENY)." + if [ "$file_major" -le "$FORMAT_MAJOR" -o + \( "$file_major" -eq "$FORMAT_MAJOR" -a + "$file_minor" -lt "$FORMAT_MINOR" \) ]; then + errsolution="$ERR_DOWNLOAD" + else + errsolution="$ERR_UPGRADE" + fi + fi + ;; +esac + +# check integrity of vulnerabilities file +check_integrity "$vuls" "$vuls" + +# if we have found an error, then complain and exit +case "$errmsg" in +"") ;; +*) echo "***ERROR*** $errmsg" 1>&2 + echo "*** $errsolution" 1>&2 + exit 1 + ;; +esac + +${AWK} -v scriptdir="$scriptdir" ' +/^#.*/ { next } +{ + cmd = sprintf("v=$(%s/audit-%s %s) && test -e %s && test $v -lt %s && echo %c%s (version $v before %s) could have a %s vulnerability (severity %s) - see %s%c", + scriptdir, $2, $1, + $1, + $3, + 34, $1, $3, $4, $5, $6, 34); + system(cmd); +} +' "$vuls" diff --git a/audit-system/files/audit-system.8 b/audit-system/files/audit-system.8 new file mode 100644 index 0000000000..f0cf4af1a4 --- /dev/null +++ b/audit-system/files/audit-system.8 @@ -0,0 +1,214 @@ +.\" $NetBSD: audit-system.8,v 1.1.1.1 2008/07/03 21:55:40 adrian_p Exp $ +.\" +.\" +.Dd October 6, 2006 +.Os +.Dt AUDIT-SYSTEM 8 +.Sh NAME +.Nm audit-system +.Nd show vulnerabilities in system, utilities and libraries +.Sh SYNOPSIS +.Nm +.Op Fl dv +.Sh DESCRIPTION +The +.Nm +program compares the programs, utilities, libraries and kernel with the +.Pa system-vulnerabilities +file and reports any known security issues to standard output. +This output contains the name and version of the vulnerable component, the +type of vulnerability, and a URL for further information for each +vulnerability. +.Pp +The following flags are supported: +.Bl -tag -width Ar +.It Fl d +.Nm +will attempt to download the vulnerabilities +file before scanning +the system for vulnerabilities. +.It Fl v +Set verbose mode. +.Nm +will warn when the system vulnerabilities file is more than a week old. +.El +.Pp +The +.Nm +program downloads this file from +.Pa ftp://ftp.NetBSD.org/pub/NetBSD/misc/agc/audit-system/system-vulnerabilities +using +.Xr ftp 1 . +This vulnerabilities file documents all known security issues in +.Nx +the system +and is kept up-to-date by the +.Nx +security-officer team. +.Pp +Each line lists the component and vulnerable versions, the type of exploit, +and an Internet address for further information: +.Bl -item +.It +.Aq package pattern +.Aq type +.Aq url +.El +.Pp +The type of exploit can be any text, although +some common types of exploits listed are: +.Bl -bullet -compact -offset indent +.It +cross-site-html +.It +cross-site-scripting +.It +denial-of-service +.It +file-permissions +.It +local-access +.It +local-code-execution +.It +local-file-read +.It +local-file-removal +.It +local-file-write +.It +local-root-file-view +.It +local-root-shell +.It +local-symlink-race +.It +local-user-file-view +.It +local-user-shell +.It +privacy-leak +.It +remote-code-execution +.It +remote-command-inject +.It +remote-file-creation +.It +remote-file-read +.It +remote-file-view +.It +remote-file-write +.It +remote-key-theft +.It +remote-root-access +.It +remote-root-shell +.It +remote-script-inject +.It +remote-server-admin +.It +remote-use-of-secret +.It +remote-user-access +.It +remote-user-file-view +.It +remote-user-shell +.It +unknown +.It +weak-authentication +.It +weak-encryption +.It +weak-ssl-authentication +.El +.Pp +By default, the vulnerabilities file is stored in the +/etc +directory. +This can be changed by defining the environment variable +.Ev SYSVULNDIR +to the directory containing the vulnerabilities file. +.Sh EXIT STATUS +.Ex -std audit-packages +.Sh ENVIRONMENT +These variables can also be defined in the +/etc/audit-system.conf +file. +.Pp +.Bl -tag -width SYSVULNDIR +.It Ev SYSVULNDIR +Specifies the directory containing the +.Pa system-vulnerabilities +file. +.It Ev FETCH_ARGS +Specifies optional arguments for the ftp client. +.It Ev FETCH_PROTO +Specifies the protocol to use when fetching the +.Pa system-vulnerabilities +file. Currently supports only http and ftp. The default is ftp. +.El +.Sh FILES +/etc/system-vulnerabilities +.Pp +/etc/audit-system.conf +.Sh EXAMPLES +The +.Nm +utility can be run via +.Xr cron 8 +(or with +.Nx Ap s +.Pa /etc/security.local +daily security script). +.Pp +export FETCH_PROTO="http" +.Pp +.Sh DIAGNOSTICS +The following errors can occur: +.Bl -tag -width 10n +.It Checksum mismatch +The vulnerabilities file has been corrupted. +Run +.Nm -d . +.It Missing vulnerabilities file +The vulnerabilities file could not be found. +Run +.Nm -d . +.It \&No checksum algorithm found +The vulnerabilities file is too old or incomplete. +Run +.Nm -d . +.It \&No checksum found +The vulnerabilities file is too old or incomplete. +Run +.Nm -d . +.It \&No file format version found +The vulnerabilities file is too old or incomplete. +Run +.Nm -d . +.It Unsupported file format version +The vulnerabilities file is too old or too new. +If it's too old, run +.Nm -d . +If it's too new, update the +.Nm +utility. +.El +.Sh SEE ALSO +.Xr ftp 1 , +.Xr audit-packages pkgsrc , +.Xr audit-system.conf 5 , +.Sh HISTORY +The +.Nm +command was originally implemented and added to +.Nx +by +.An Alistair Crooks +on October 6, 2006.