Date:      Thu, 16 May 2019 14:15:41 -0400
From:      Charles Sprickman <spork@bway.net>
To:        Miroslav Lachman <000.fbsd@quip.cz>
Cc:        Alan Somers <asomers@freebsd.org>, FreeBSD Stable ML <stable@freebsd.org>, Mel Pilgrim <list_freebsd@bluerosetech.com>
Subject:   Re: FreeBSD flood of 8 breakage announcements in 3 mins.
Message-ID:  <137C0B51-9644-400C-89A1-81CEA3390C9E@bway.net>
In-Reply-To: <8e472993-2d01-003f-acbb-77f9edf512dc@quip.cz>
References:  <201905151425.x4FEPNqk065975@fire.js.berklix.net> <e8125e97-6308-5ad0-b850-6825069683d4@bluerosetech.com> <fdb00d1a-3cf2-89ac-a03c-010c8a7501d6@quip.cz> <CAOtMX2hnk2Y3ZD3r5XOgjXp_otMoi_m0uXZ0EFs6WRgGpS9qAw@mail.gmail.com> <8e472993-2d01-003f-acbb-77f9edf512dc@quip.cz>



> On May 16, 2019, at 5:41 AM, Miroslav Lachman <000.fbsd@quip.cz> wrote:
> 
> Alan Somers wrote on 2019/05/16 05:16:
>> On Wed, May 15, 2019 at 9:14 PM Miroslav Lachman <000.fbsd@quip.cz> wrote:
> 
>>> It would also be good if base system vulnerabilities are first published
>>> in FreeBSD vuxml. Then it can be reported to sysadmins by package
>>> security/base-audit.
>> +1.  Reporting base + ports vulnerabilities in a common way would be
>> great.  I assume that this is already part of the pkgbase project
>> being worked on by brd and others.
> 
> The functionality is already there. The only part missing is Security Office should fill the data in to vuxml at the time of publishing new SA.
> 
> Thanks to Mark Felder https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
> Then I provided periodic script https://www.freshports.org/security/base-audit/

There’s also this as a “right now” solution if you use nagios:

https://github.com/frlen/nagios-plugins/blob/master/check_freebsd_version

You do have to adjust it to check only once or twice a day and to provide for a large number of retries, as the remote portion of the check to find the current version often times out.

Thanks,

Charles

> Miroslav Lachman


