8. Audit

The Kernun auditing tool kernun-audit(1) provides a convenient source of information about bugs discovered in the Kernun software. The auditing tool also reports when a new software version becomes available. A Kernun audit is usually executed daily by the cron daemon via the periodic command. It downloads the up-to-date auditing database, and then examines the product type, version, and architecture of the installed system. Based on these values, the relevant records are extracted from the database and reported. There are two classes of records: bugs and software updates.

Each bug that is discovered in the currently installed version of the Kernun product is reported. A bug has a unique identification number, a description, a list of versions in which it occurs, a solution, and a workaround. The recommended solution is always a software update to a version in which the bug has been fixed (if such a version is available). The workaround (if available) describes how to minimize the impact of the bug without updating the software. It should be applied if the software has not been fixed yet or if an immediate update is infeasible. Nevertheless, the workaround should always be regarded as a temporary solution, and the Kernun installation should be updated as soon as possible.

Software updates are reported only for the same product and architecture as in the installed system. The latest patch release from each release branch is shown. Only versions newer than the currently installed version are displayed. For example, if 3.1 is the version installed and 3.0–3.0.6, 3.1–3.1.3, and 3.2–3.2.1 are available, 3.1.3 and 3.2.1 will be the versions reported.
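The selection rule above can be written out as follows. This is an added example, not code from kernun-audit; it assumes versions have the form MAJOR.MINOR[.PATCH], that a release branch is identified by MAJOR.MINOR, and the function names and the AVAILABLE list are constructed for illustration.

```python
def parse(version):
    """'3.1.3' -> (3, 1, 3); a bare '3.1' is treated as patch level 0."""
    parts = [int(p) for p in version.split(".")]
    if not 2 <= len(parts) <= 3:
        raise ValueError(f"expected MAJOR.MINOR[.PATCH], got {version!r}")
    return tuple(parts + [0] * (3 - len(parts)))


def updates_to_report(installed, available):
    """Return the latest patch release of each branch that is newer
    than the installed version, oldest branch first."""
    current = parse(installed)
    latest = {}  # branch (major, minor) -> (parsed version, original string)
    for version in available:
        parsed = parse(version)
        branch = parsed[:2]
        if branch not in latest or parsed > latest[branch][0]:
            latest[branch] = (parsed, version)
    # Comparing whole tuples drops older branches (3.0.6 < 3.1) and also
    # a branch whose latest patch is the one already installed.
    return [v for parsed, v in sorted(latest.values()) if parsed > current]


# Constructed release list matching the ranges in the example above:
# 3.0-3.0.6, 3.1-3.1.3 and 3.2-3.2.1.
AVAILABLE = (
    ["3.0"] + [f"3.0.{n}" for n in range(1, 7)]
    + ["3.1"] + [f"3.1.{n}" for n in range(1, 4)]
    + ["3.2", "3.2.1"]
)

if __name__ == "__main__":
    for installed in ("3.1", "3.1.3", "3.2.1"):
        print(installed, "->", updates_to_report(installed, AVAILABLE))
```

Comparing the reported list against what is actually installed on each host is a quick way to spot systems that are still on an old branch or have missed a patch release.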

The initial configuration of a Kernun system runs the auditing tool daily using the DEFAULT-CRONTAB and DEFAULT-PERIODIC variables from the included crontab and the periodic configuration file crontab.cml. Auditing can be disabled by setting daily_status_security_kernun_audit_enable to "NO" in that file. The auditing tool kernun-audit can also be executed manually from the command line. The product name, version number, and architecture name are obtained from the current system, or can be specified using the command line arguments of kernun-audit. The identification of the current system is stored in the files /kernun-product (product name) and /kernun-version (build number, which contains the version number before the first dot and the architecture name after the second dot). If the location (local or remote) of the audit database is not specified, the database is downloaded from download.kernun.com by default.

The www.kernun.com Web site provides an online version of the Kernun auditing tool. After the Kernun product, version, and architecture are entered in a form, the auditing report is generated in the same format as the one kernun-audit produces.