using pkg audit to show base vulnerabilities

Miroslav Lachman 000.fbsd at
Mon Sep 12 14:21:55 UTC 2016

Mark Felder wrote on 09/07/2016 23:25:
> On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
>> I am not sure if this is the right list or not. If not, please redirect
>> me to the right one.
>> I noticed this post from Mark Felder
>> Great work Mark, thank you!
>> I found it very useful. I want this to be part of the nightly reports on
>> all our machines so I tried to write 405.base-audit. It is based on the
>> original 410.pkg-audit.
>> It can check kernel and world of a host or world in jail or chroot (if
>> freebsd-version is installed in jail or chroot).
>> You can find my first attempt at
> I have been toying with the idea of creating a port that provides a
> script called "baseaudit" that can make it very easy to check your
> system for known vulns. With the majority of the logic in this script we
> could also include this periodic script in the package which would check
> nightly as well. Perhaps we should collaborate on this together? I will
> need to review your script in detail but at a glance it appears very
> thorough.

I filed this PR in the meantime

We are using this patch in our Poudriere package builder. If you think a
new port is better, then of course I can help with this.

Any improvement is better than the current state, where users cannot easily
audit base system and jails.

Miroslav Lachman
