using pkg audit to show base vulnerabilities
000.fbsd at quip.cz
Mon Sep 12 14:21:55 UTC 2016
Mark Felder wrote on 09/07/2016 23:25:
> On Thu, Aug 25, 2016, at 07:49, Miroslav Lachman wrote:
>> I am not sure if this is the right list or not. If not, please redirect
>> me to the right one.
>> I noticed this post from Mark Felder
>> Great work Mark, thank you!
>> I found it very useful. I want this to be part of the nightly reports on
>> all our machines so I tried to write 405.base-audit. It is based on
>> original 410.pkg-audit
>> It can check kernel and world of a host or world in jail or chroot (if
>> freebsd-version is installed in jail or chroot)
>> You can my find first attempt at
> I have been toying with the idea of creating a port that provides a
> script called "baseaudit" that can make it very easy to check your
> system for known vulns. With the majority of the logic in this script we
> could also include this periodic script in the package which would check
> nightly as well. Perhaps we should collaborate on this together? I will
> need to review your script in detail but at a glance it appears very
I filed this PR in the meantime
We are using this patch in our Poudriere package builder. If you think
new port is better then of course I can help with this.
Any improvement is better than current state where users cannot easily
audit base system and jails.
More information about the freebsd-security