On Wed, Jan 13, 1999 at 09:26:51PM +0100, Linux Mailing Lists wrote: > Hello, > > > Or use the automated email patch status robot at pogostick.net. > > See http://pogostick.net/~pdiag/english.html > > (or http://pogostick.net/~pdiag/ if you want it in norwegian) > > for more info. > > Doesn't sound very good to send the configuration of your machine over the > internet by email. What if someone gets it and use that information to > know the vulnerabilities of your server? Using your service he would know: Our (my) service makes no pretence of being a service that extremely vulnerable machines should use. But then again, the mail you send doesn't need to identify _which_ machine the showrev output is from. Just take the showrev/pkginfo from one machine, put it into a file, email it from anothe machine (with correct subject). So any eavsdropper would only know that somewhere (in the world) there is a Sun/Solaris machine with this software/patchlevel. > * Which Software you have installed in your server > * Which patches you have applied (and what's more interesting, which > patches you *haven't* applied) > * The OS version, platform, etc... > * Your server's name > > Mmmmmmm... Just the information someone would need to hack your system :) > > What about making public the program you use, to run it locally? > > (showrev -p ; pkginfo -l)|yourniceprog The program is just an email wrapper around suns patchdiag (currently v 1.0.2). Many other nice people have submitted programs to this (bugtraq) mailinglist that lets you do this locally. > > Greetings, > Sergio > > PS: Who knows who is really receiving your information at > pdiagat_private ;) I do! -- Jon Ross, Ark Norge AS - Divisjon Skrivervik Data, P.B. 3885 U.S., N-0805 OSLO, NORWAY Phone +47 2218 5891, Cellular +47 915 35 708, Fax +47 2218 5998
This archive was generated by hypermail 2b30 : Fri Apr 13 2001 - 14:28:52 PDT