FreeBSD flood of 8 breakage announcements in 3 mins.
Charles Sprickman
spork at bway.net
Thu May 16 18:16:29 UTC 2019
> On May 16, 2019, at 5:41 AM, Miroslav Lachman <000.fbsd at quip.cz> wrote:
>
> Alan Somers wrote on 2019/05/16 05:16:
>> On Wed, May 15, 2019 at 9:14 PM Miroslav Lachman <000.fbsd at quip.cz> wrote:
>
>>> It would also be good if base system vulnerabilities are first published
>>> in FreeBSD vuxml. Then it can be reported to sysadmins by package
>>> security/base-audit.
>> +1. Reporting base + ports vulnerabilities in a common way would be
>> great. I assume that this is already part of the pkgbase project
>> being worked on by brd and others.
>
> The functionality is already there. The only part missing is Security Office should fill the data in to vuxml at the time of publishing new SA.
>
> Thanks to Mark Felder https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
> Then I provided periodic script https://www.freshports.org/security/base-audit/ <https://www.freshports.org/security/base-audit/>
There’s also this as a “right now” solution if you use nagios:
https://github.com/frlen/nagios-plugins/blob/master/check_freebsd_version <https://github.com/frlen/nagios-plugins/blob/master/check_freebsd_version>
You do have to adjust it to check only once or twice a day and to provide for a large number of retries, as the remote portion of the check to find the current version often times out.
Thanks,
Charles
> Miroslav Lachman
> _______________________________________________
> freebsd-stable at freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe at freebsd.org"
More information about the freebsd-stable
mailing list