[CLUE-Tech] Software audit of Linux software versions

[Dave Anselmi]

Heh.  I'm building a system from scratch (my second) -
http://www.linuxfromscratch.org.  One of the guys has put together a system
for controlling the install process.  His goal was that the 'make install'
used by source packages wouldn't be able to overwrite programs or install
suid root without his specific permission.  It turns out to be useful as a
package management system too.  Details at
http://hints.linuxfromscratch.org/hints/more_control_and_pkg_man.txt.

Basically, each package gets installed as its own user.  To see what
packages are installed, I can look at my list of package home dirs (kept in
/usr/src or wherever).  We keep a .project file for each user, so 'finger
glibc', for example, shows me details about my glibc install.  We can use
find to see what files a package installed (and uninstall them if we want).

You might consider this cumbersome, and an LFS system is a little more
cumbersome than other distros.  But consider this quote from Paul Vixie
(Vixie Cron v3.0): 'Note that if I can get you to "su and say" something
just by asking, you have a very serious security problem on your system and
you should look into it.'

Dave

Kevin Cullis wrote:

> Hi all,
>
> How can I find out via a command or the like which software version I
> have?  I.e. I'd like to do just one command to list all of the software
> loaded on my Linux computer and their version, is this possible?
>
> Those that are sysadmins, what kind of documentation do you keep/work
> on?
>
> Kevin
>
> ---
> Kevin Cullis
> kcullis at coloradoexcellence.org
> 303-893-CPEX (2739)
> Colorado Performance Excellence, Inc
> http://www.coloradoexcellence.org
>
> _______________________________________________
> CLUE-Tech mailing list
> CLUE-Tech at clue.denver.co.us
> http://clue.denver.co.us/mailman/listinfo/clue-tech