
Our customer found that Open-Audit does not collect software under the conditions below:

  • same host
  • same package name
  • same version
  • same distribution
  • different architecture

e.g.

glibc-2.17-157.el7.x86_64
glibc-2.17-157.el7.i686

Open-Audit does not have an architecture attribute on the software table.

Therefore, an example like the one above is recognized as the same package, so it is not shown on the software list.

Is there any workaround?

Regards,

Satoru Funai

 


    3 answers

    1.  

      I don't immediately see a way to resolve this. On rpm-based systems, we use rpm to query the packages installed. On CentOS 6 (example) I can see we have zlib installed for both i686 and x86_64, exactly as you describe. Unfortunately, rpm doesn't give us the architecture. Same below (and further below for Ubuntu/Debian).

      If anyone can suggest something, I'm all ears.

      Ubuntu (hence Debian) seem much the same.

      1. Satoru Funai

        Can you add an "ARCH" column to the audit.software table and also add the matching condition name+version+ARCH for inserting new records? Satoru

      2. Mark Unwin

        We can add arch, yes, easy. We cannot populate it as far as I can see. We use the below command (excluding zlib). Adding another loop over package name would increase the script time exponentially and still be very brittle in terms of extracting the correct arch. If dpkg or rpm provided the arch, could add it easily.

            rpm -qa zlib --queryformat="Name:%{NAME}\nVersion: %{VERSION}-%{RELEASE}\n\n" | sed -e 's/\&.*]]/]]/'

            Name:zlib
            Version: 1.2.3-29.el6

            Name:zlib
            Version: 1.2.3-29.el6

      3. Satoru Funai

        How about this for RHEL/CentOS?

            # rpm -q glibc --queryformat="\t\t<item>\n\t\t\t<name><\!\[CDATA\[%{NAME}\]\]></name>\n\t\t\t<arch><\!\[CDATA\[%{ARCH}\]\]></arch>\n\t\t\t<version><\!\[CDATA\[%{VERSION}-%{RELEASE}\]\]></version>\n\t\t\t<install_date><\!\[CDATA\[%{INSTALLTIME:date}\]\]></install_date>\n\t\t\t<url><\!\[CDATA\[%{URL}\]\]></url>\n\t\t</item>\n"
                <item>
                    <name><![CDATA[glibc]]></name>
                    <arch><![CDATA[x86_64]]></arch>
                    <version><![CDATA[2.17-106.el7_2.8]]></version>
                    <install_date><![CDATA[2016?08?05? 14?43?59?]]></install_date>
                    <url><![CDATA[http://www.gnu.org/software/glibc/]]></url>
                </item>
                <item>
                    <name><![CDATA[glibc]]></name>
                    <arch><![CDATA[i686]]></arch>
                    <version><![CDATA[2.17-106.el7_2.8]]></version>
                    <install_date><![CDATA[2016?08?05? 14?44?16?]]></install_date>
                    <url><![CDATA[http://www.gnu.org/software/glibc/]]></url>
                </item>

      4. Mark Unwin

        Thanks for persisting with me. RPM and DPKG-QUERY do indeed support arch (or architecture for dpkg). Consider this added. I'll get it in ASAP.

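An added example, not part of the thread and not Open-Audit's own audit script: it applies the name+version match described above and a name+version+arch match to the same package list, then reports which packages the shorter key collapses. The sample lines are constructed (only the glibc entry comes from the question); on a real host they would come from `rpm -qa --queryformat '%{NAME}\t%{VERSION}-%{RELEASE}\t%{ARCH}\n'`, using the `%{ARCH}` tag shown in the thread. The function names are hypothetical.

```shell
#!/bin/sh
# Constructed sample: tab-separated name, version-release, arch,
# as a multilib RHEL/CentOS host would report them.
sample_inventory() {
    printf 'glibc\t2.17-157.el7\tx86_64\n'
    printf 'glibc\t2.17-157.el7\ti686\n'
    printf 'zlib\t1.2.7-17.el7\tx86_64\n'
    printf 'zlib\t1.2.7-17.el7\ti686\n'
    printf 'bash\t4.2.46-21.el7_3\tx86_64\n'
    printf 'tzdata\t2017b-1.el7\tnoarch\n'
}

# Rows that survive when records are matched on name+version only.
rows_by_name_version() {
    awk -F '\t' '!seen[$1 FS $2]++' | wc -l | tr -d ' '
}

# Rows that survive when architecture is part of the match key.
rows_by_name_version_arch() {
    awk -F '\t' '!seen[$1 FS $2 FS $3]++' | wc -l | tr -d ' '
}

# Packages whose identical name+version is installed for several
# architectures, i.e. the entries a name+version key hides.
multiarch_packages() {
    awk -F '\t' '
        {
            key = $1 "-" $2
            if ((key, $3) in have) next      # exact duplicate line
            have[key, $3] = 1
            if (n[key]++) archs[key] = archs[key] "," $3
            else          archs[key] = $3
        }
        END { for (k in n) if (n[k] > 1) print k " " archs[k] }' | sort
}

echo "rows with name+version key:      $(sample_inventory | rows_by_name_version)"
echo "rows with name+version+arch key: $(sample_inventory | rows_by_name_version_arch)"
echo "collapsed by the shorter key:"
sample_inventory | multiarch_packages
```

Running the same functions over a host's real `rpm -qa` output lists every package that an inventory without an architecture column records only once.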
    2.  

      I'm not sure why, but some applications require i686 packages on an x86_64 system as an installation dependency.

      They have to be installed and should be collected by Open-Audit.

      Any suggestions or ideas would be appreciated.

      Regards,

      Satoru Funai 

      1.  

        Not sure why they would have multiple architectures installed, probably only need the x86_64 or the i686 but not both
