From owner-freebsd-stable@freebsd.org Thu May 16 18:16:29 2019 Return-Path: Delivered-To: freebsd-stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 8E72915A3280 for ; Thu, 16 May 2019 18:16:29 +0000 (UTC) (envelope-from spork@bway.net) Received: from mailman.ysv.freebsd.org (mailman.ysv.freebsd.org [IPv6:2001:1900:2254:206a::50:5]) by mx1.freebsd.org (Postfix) with ESMTP id B7FE16D6BE for ; Thu, 16 May 2019 18:16:28 +0000 (UTC) (envelope-from spork@bway.net) Received: by mailman.ysv.freebsd.org (Postfix) id 783A315A327F; Thu, 16 May 2019 18:16:28 +0000 (UTC) Delivered-To: stable@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 3D7E215A327E for ; Thu, 16 May 2019 18:16:28 +0000 (UTC) (envelope-from spork@bway.net) Received: from smtp1.bway.net (smtp1.v6.bway.net [IPv6:2607:d300:1::27]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id D23936D6B5; Thu, 16 May 2019 18:16:27 +0000 (UTC) (envelope-from spork@bway.net) Received: from frankentosh.sporklab.com (pool-173-70-93-30.nwrknj.fios.verizon.net [173.70.93.30]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) (Authenticated sender: spork@bway.net) by smtp1.bway.net (Postfix) with ESMTPSA id D94FB958BA; Thu, 16 May 2019 14:16:20 -0400 (EDT) From: Charles Sprickman Message-Id: <137C0B51-9644-400C-89A1-81CEA3390C9E@bway.net> Mime-Version: 1.0 (Mac OS X Mail 10.3 \(3273\)) Subject: Re: FreeBSD flood of 8 breakage announcements in 3 mins. Date: Thu, 16 May 2019 14:15:41 -0400 In-Reply-To: <8e472993-2d01-003f-acbb-77f9edf512dc@quip.cz> Cc: Alan Somers , FreeBSD Stable ML , Mel Pilgrim To: Miroslav Lachman <000.fbsd@quip.cz> References: <201905151425.x4FEPNqk065975@fire.js.berklix.net> <8e472993-2d01-003f-acbb-77f9edf512dc@quip.cz> X-Mailer: Apple Mail (2.3273) X-Rspamd-Queue-Id: D23936D6B5 X-Spamd-Bar: ------ X-Spamd-Result: default: False [-6.99 / 15.00]; NEURAL_HAM_MEDIUM(-1.00)[-1.000,0]; NEURAL_HAM_SHORT(-0.99)[-0.988,0]; REPLY(-4.00)[]; NEURAL_HAM_LONG(-1.00)[-1.000,0] Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.29 X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.29 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 16 May 2019 18:16:29 -0000 > On May 16, 2019, at 5:41 AM, Miroslav Lachman <000.fbsd@quip.cz> = wrote: >=20 > Alan Somers wrote on 2019/05/16 05:16: >> On Wed, May 15, 2019 at 9:14 PM Miroslav Lachman <000.fbsd@quip.cz> = wrote: >=20 >>> It would also be good if base system vulnerabilities are first = published >>> in FreeBSD vuxml. Then it can be reported to sysadmins by package >>> security/base-audit. >> +1. Reporting base + ports vulnerabilities in a common way would be >> great. I assume that this is already part of the pkgbase project >> being worked on by brd and others. >=20 > The functionality is already there. The only part missing is Security = Office should fill the data in to vuxml at the time of publishing new = SA. >=20 > Thanks to Mark Felder = https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerab= ilities-with-pkg-audit/ > Then I provided periodic script = https://www.freshports.org/security/base-audit/ = There=E2=80=99s also this as a =E2=80=9Cright now=E2=80=9D solution if = you use nagios: = https://github.com/frlen/nagios-plugins/blob/master/check_freebsd_version = You do have to adjust it to check only once or twice a day and to = provide for a large number of retries, as the remote portion of the = check to find the current version often times out. Thanks, Charles > Miroslav Lachman > _______________________________________________ > freebsd-stable@freebsd.org mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to = "freebsd-stable-unsubscribe@freebsd.org"