What's the latest release from freebsd-update?
Dan Langille
dan at langille.org
Fri Feb 27 22:19:16 UTC 2015
On Feb 24, 2015, at 11:56 AM, Brian W. <brian at brianwhalen.net> wrote:
>> On Fri, Feb 20, 2015 at 3:28 AM, Johan Hendriks <joh.hendriks at gmail.com>
>> wrote:
>>
>>>
>>> Op 20-02-15 om 05:31 schreef William A. Mahaffey III:
>>>
>>> On 02/19/15 08:34, Dan Langille wrote:
>>>>
>>>>> I want to write a check to let us know if a given server is on the
>>>>> latest
>>>>> version.
>>>>>
>>>>> For example, how can I determine that FreeBSD 9.3-RELEASE-p5 is the
>>>>> latest
>>>>> and greatest?
>>>>>
>>>>> I could run freebsd-update and see what comes back, but that's not
>> ideal
>>>>> for a Nagios check.
>>>>>
>>>>> This output seems promising:
>>>>>
>>>>> $ sysctl kern.version
>>>>> kern.version: FreeBSD 9.3-RELEASE-p5 #0: Mon Nov 3 22:38:58 UTC 2014
>>>>> root at amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
>>>>>
>>>>> Let's assume we use that as the check for the host.
>>>>>
>>>>> What do we compare it to? Where can I find out that 9.3-RELEASE-p6 is
>>>>> available?
>>>>>
>>>>
>>>>
>>>> I'm running 9.3 (FreeBSD 9.3-RELEASE-p5) as well, & I have noticed
>>>> posts going by onlist referencing 9.3-RELEASE-p9 (I think, might have
>>>> been 8), although that is little help to you. You & I are several
>>>> months back from today, probably safe to assume something newer is
>>>> available. The bottom of
>>>> https://www.freebsd.org/doc/handbook/updating-upgrading-
>>>> freebsdupdate.html
>>>> talks about comparing system versions. If you do a 'freebsd-update
>>>> fetch' followed by a 'freebsd-update install' you will be updated to
>>>> the latest & greatest patch level, but I'm not sure there is a way of
>>>> checking that level apriori .... $0.02, no more, no less ....
>>>>
>>>>
>>> Go to the website www.freebsd.org, on the right site there is a colum
>>> security advisories
>>>
>>> click on the latest, and it will show you the latest patch level of all
>>> versions. Like the example below, the advisory for sctp.
>>>
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>
>>> ============================================================
>>> =================
>>> FreeBSD-SA-15:03.sctp Security
>>> Advisory
>>> The FreeBSD
>>> Project
>>>
>>> Topic: SCTP stream reset vulnerability
>>>
>>> Category: core
>>> Module: sctp
>>> Announced: 2015-01-27
>>> Credits: Gerasimos Dimitriadis
>>> Affects: All supported versions of FreeBSD.
>>> Corrected: 2015-01-27 19:36:08 UTC (stable/10, 10.1-STABLE)
>>> 2015-01-27 19:37:02 UTC (releng/10.1, 10.1-RELEASE-p5)
>>> 2015-01-27 19:37:02 UTC (releng/10.0, 10.0-RELEASE-p17)
>>> 2015-01-27 19:36:08 UTC (stable/9, 9.3-STABLE)
>>> 2015-01-27 19:37:02 UTC (releng/9.3, 9.3-RELEASE-p9)
>>> 2015-01-27 19:36:08 UTC (stable/8, 8.4-STABLE)
>>> 2015-01-27 19:37:02 UTC (releng/8.4, 8.4-RELEASE-p23)
>>> CVE Name: CVE-2014-8613
>>>
>>>
> On Feb 24, 2015 8:42 AM, "Dan Langille" <dlangille at sourcefire.com> wrote:
>> I think that none of these suggestions, while useful, are easily programmed
>> into a Nagios check (for example).
> I haven't used Nagios much but can't a freebsd-update fetch be run and then
> the contents of /var/db/freebsd-update/ examined? If updates are ready to
> be installed there will be stuff there.
Good suggestion. I thought about this a bit.
For example, this is a personal server of mine:
$ sudo ls -tl /var/db/freebsd-update | less
total 24305
-rw-r--r-- 1 root wheel 225 Feb 27 11:14 tINDEX.present
-rw-r--r-- 1 root wheel 112 Feb 27 11:14 tag
-rw-r--r-- 1 root wheel 0 Feb 27 11:14 serverlist_full
-rw-r--r-- 1 root wheel 0 Feb 27 11:14 serverlist_tried
drwx------ 2 root wheel 6 Feb 25 21:54 install.VYWhPb
lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback -> install.VYWhPb
drwx------ 2 root wheel 6 Feb 25 21:54 install.wyPL3Y
lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback -> install.wyPL3Y
drwxr-xr-x 2 root wheel 26268 Feb 25 21:54 files
drwx------ 2 root wheel 6 Feb 25 21:52 install.MlNZrV
lrwxr-xr-x 1 root wheel 14 Feb 25 21:52 f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback -> install.MlNZrV
$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... none found.
Fetching metadata signature for 9.3-RELEASE from update.FreeBSD.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
No updates needed to update system to 9.3-RELEASE-p10.
$ sudo ls -tl /var/db/freebsd-update | less
-rw-r--r-- 1 root wheel 225 Feb 27 22:16 tINDEX.present
-rw-r--r-- 1 root wheel 112 Feb 27 22:16 tag
-rw-r--r-- 1 root wheel 0 Feb 27 22:16 serverlist_full
-rw-r--r-- 1 root wheel 0 Feb 27 22:16 serverlist_tried
drwx------ 2 root wheel 6 Feb 25 21:54 install.VYWhPb
lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback -> install.VYWhPb
drwx------ 2 root wheel 6 Feb 25 21:54 install.wyPL3Y
lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback -> install.wyPL3Y
drwxr-xr-x 2 root wheel 26268 Feb 25 21:54 files
drwx------ 2 root wheel 6 Feb 25 21:52 install.MlNZrV
lrwxr-xr-x 1 root wheel 14 Feb 25 21:52 f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback -> install.MlNZrV
It seems to require both non-root access and detailed knowledge of what is found in that directory.
I'm hoping for something simple and easily obtained.
Thank you
—
Dan Langille
http://langille.org/
More information about the freebsd-questions
mailing list