Date:      Thu, 16 May 2019 14:15:41 -0400
From:      Charles Sprickman <spork@bway.net>
To:        Miroslav Lachman <000.fbsd@quip.cz>
Cc:        Alan Somers <asomers@freebsd.org>, FreeBSD Stable ML <stable@freebsd.org>, Mel Pilgrim <list_freebsd@bluerosetech.com>
Subject:   Re: FreeBSD flood of 8 breakage announcements in 3 mins.
Message-ID:  <137C0B51-9644-400C-89A1-81CEA3390C9E@bway.net>
In-Reply-To: <8e472993-2d01-003f-acbb-77f9edf512dc@quip.cz>
References:  <201905151425.x4FEPNqk065975@fire.js.berklix.net> <e8125e97-6308-5ad0-b850-6825069683d4@bluerosetech.com> <fdb00d1a-3cf2-89ac-a03c-010c8a7501d6@quip.cz> <CAOtMX2hnk2Y3ZD3r5XOgjXp_otMoi_m0uXZ0EFs6WRgGpS9qAw@mail.gmail.com> <8e472993-2d01-003f-acbb-77f9edf512dc@quip.cz>


> On May 16, 2019, at 5:41 AM, Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
> Alan Somers wrote on 2019/05/16 05:16:
>> On Wed, May 15, 2019 at 9:14 PM Miroslav Lachman <000.fbsd@quip.cz> wrote:
>
>>> It would also be good if base system vulnerabilities are first published
>>> in FreeBSD vuxml. Then it can be reported to sysadmins by package
>>> security/base-audit.
>> +1.  Reporting base + ports vulnerabilities in a common way would be
>> great.  I assume that this is already part of the pkgbase project
>> being worked on by brd and others.
>
> The functionality is already there. The only part missing is Security Office should fill the data in to vuxml at the time of publishing new SA.
>
> Thanks to Mark Felder https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/
> Then I provided periodic script https://www.freshports.org/security/base-audit/

There’s also this as a “right now” solution if you use nagios:

https://github.com/frlen/nagios-plugins/blob/master/check_freebsd_version

You do have to adjust it to check only once or twice a day and to provide for a large number of retries, as the remote portion of the check to find the current version often times out.

Thanks,

Charles

> Miroslav Lachman
> _______________________________________________
> freebsd-stable@freebsd.org mailing list
> https://lists.freebsd.org/mailman/listinfo/freebsd-stable
> To unsubscribe, send any mail to "freebsd-stable-unsubscribe@freebsd.org"



