using pkg audit to show base vulnerabilities

Mark Felder feld at
Wed Sep 7 21:25:17 UTC 2016

On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
> I am not sure if this is the right list or not. If not, please redirect 
> me to the right one.
> I noticed this post from Mark Felder
> Great work Mark, thank you!
> I found it very useful. I want this to be part of the nightly reports on 
> all our machines so I tried to write 405.base-audit. It is based on 
> original 410.pkg-audit
> It can check kernel and world of a host or world in jail or chroot (if 
> freebsd-version is installed in jail or chroot)
> You can my find first attempt at 

I have been toying with the idea of creating a port that provides a
script called "baseaudit" that can make it very easy to check your
system for known vulns. With the majority of the logic in this script we
could also include this periodic script in the package which would check
nightly as well. Perhaps we should collaborate on this together? I will
need to review your script in detail but at a glance it appears very


  Mark Felder
  ports-secteam member
  feld at

More information about the freebsd-security mailing list