using pkg audit to show base vulnerabilities

Mark Felder feld at FreeBSD.org
Wed Sep 7 21:25:17 UTC 2016



On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
> I am not sure if this is the right list or not. If not, please redirect 
> me to the right one.
> 
> I noticed this post from Mark Felder
> https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
> 
> Great work Mark, thank you!
> 
> I found it very useful. I want this to be part of the nightly reports on 
> all our machines so I tried to write 405.base-audit. It is based on 
> original 410.pkg-audit.
> It can check kernel and world of a host or world in jail or chroot (if 
> freebsd-version is installed in jail or chroot).
> 
> You can find my first attempt at 
> http://freebsd.quip.cz/script/405.base-audit.sh
> 

I have been toying with the idea of creating a port that provides a
script called "baseaudit" that can make it very easy to check your
system for known vulns. With the majority of the logic in this script we
could also include this periodic script in the package which would check
nightly as well. Perhaps we should collaborate on this together? I will
need to review your script in detail but at a glance it appears very
thorough.


Thanks!

-- 
  Mark Felder
  ports-secteam member
  feld at FreeBSD.org

