pkg audit not working like portaudit
Matthew Seaman
matthew at freebsd.org
Wed Jul 30 15:07:08 UTC 2014
On 07/30/14 15:22, Aleksandr Miroslav wrote:
> I used to be able to do something like this with portaudit in my cron jobs:
>
> portaudit > /dev/null || portaudit |mailx -s portaudit root
>
> i.e. portaudit returned a non-zero value when there were vulnerabilities.
>
> I expected "pkg audit" to do the same, but apparently it always
> returns zero. Is there some way to get the old portaudit behavior or
> do I have to write a script to parse the output?

Not indicating the presence of vulnerabilities in the return code of
'pkg audit' is certainly worth opening an issue at
https://github.com/freebsd/pkg/issues

However, try using:

    pkg audit -q

which should not print anything unless it does find vulnerabilities, so
by the usual cron logic, you'll only get an email when there's a problem.

There's also /usr/local/etc/periodic/security/410.pkg-audit which you
can enable as a normal periodic(8) job.

Cheers,
Matthew
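
A cron wrapper along the lines discussed in this thread, as an added example that is not part of the original messages: it treats any output from `pkg audit -q`, or a non-zero exit, as something to report and mails it once. The function names and the `--run` switch are hypothetical; the mail command follows the portaudit one-liner quoted above.

```shell
#!/bin/sh
# Added example (not from the thread): portaudit-style "mail only on findings"
# behaviour built on 'pkg audit -q'. All function names here are hypothetical.

# The two external commands, wrapped so they can be replaced when testing.
run_audit()   { pkg audit -q; }
send_report() { mailx -s "pkg audit" root; }

# Prints whatever needs reporting; returns 0 when clean, 1 otherwise.
# The decision is based on output as well as exit status, because the
# thread reports 'pkg audit' exiting 0 even when it lists vulnerabilities.
audit_status() {
    rc=0
    out=$(run_audit 2>&1) || rc=$?
    if [ -z "$out" ] && [ "$rc" -eq 0 ]; then
        return 0
    fi
    if [ -n "$out" ]; then
        printf '%s\n' "$out"
    fi
    # A failed audit (no database, no network) must not look like "clean".
    if [ "$rc" -ne 0 ]; then
        printf 'audit command exited with status %s\n' "$rc"
    fi
    return 1
}

# Runs the audit once and mails the report only when there is one.
# Returns non-zero in that case, as portaudit did.
audit_and_mail() {
    report=$(audit_status) && return 0
    printf '%s\n' "$report" | send_report
    return 1
}

# Only act when asked to, e.g. from a crontab entry: wrapper.sh --run
if [ "${1:-}" = "--run" ]; then
    audit_and_mail
fi
```

Unlike the original one-liner, this runs the audit a single time, so the mailed report is the same output that triggered the alert.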