Skip site navigation (1)Skip section navigation (2) 
Date:      Fri, 27 Feb 2015 17:19:12 -0500
From:      Dan Langille <dan@langille.org>
To:        "Brian W." <brian@brianwhalen.net>
Cc:        FreeBSD Mailing List <freebsd-questions@freebsd.org>
Subject:   Re: What's the latest release from freebsd-update?
Message-ID:  <95203083-D36D-4969-A8E8-1E799518F228@langille.org>
In-Reply-To: <CADV=szVaOent3zs1G=C1t1teyrgfCbZLMy7AqMf_44LDMvFaGg@mail.gmail.com>
References:  <CABU7BdejfOXh_yhao3=EfSPbk=qFQ08ZBs-iEGSNTBJ47i9RGw@mail.gmail.com> <54E6B8B9.1060204@hiwaay.net> <54E6F04A.5080409@gmail.com> <CABU7Bdfsct-vUE2dMGUWSj8Kp3H20CNfK3U9w3mfH_tyq3vipw@mail.gmail.com> <CADV=szVaOent3zs1G=C1t1teyrgfCbZLMy7AqMf_44LDMvFaGg@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help 
On Feb 24, 2015, at 11:56 AM, Brian W. <brian@brianwhalen.net> wrote:

>> On Fri, Feb 20, 2015 at 3:28 AM, Johan Hendriks =
<joh.hendriks@gmail.com>
>> wrote:
>>=20
>>>=20
>>> Op 20-02-15 om 05:31 schreef William A. Mahaffey III:
>>>=20
>>> On 02/19/15 08:34, Dan Langille wrote:
>>>>=20
>>>>> I want to write a check to let us know if a given server is on the
>>>>> latest
>>>>> version.
>>>>>=20
>>>>> For example, how can I determine that FreeBSD 9.3-RELEASE-p5 is =
the
>>>>> latest
>>>>> and greatest?
>>>>>=20
>>>>> I could run freebsd-update and see what comes back, but that's not
>> ideal
>>>>> for a Nagios check.
>>>>>=20
>>>>> This output seems promising:
>>>>>=20
>>>>> $ sysctl kern.version
>>>>> kern.version: FreeBSD 9.3-RELEASE-p5 #0: Mon Nov  3 22:38:58 UTC =
2014
>>>>> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC
>>>>>=20
>>>>> Let's assume we use that as the check for the host.
>>>>>=20
>>>>> What do we compare it to?  Where can I find out that =
9.3-RELEASE-p6 is
>>>>> available?
>>>>>=20
>>>>=20
>>>>=20
>>>> I'm running 9.3 (FreeBSD 9.3-RELEASE-p5) as well, & I have noticed
>>>> posts going by onlist referencing 9.3-RELEASE-p9 (I think, might =
have
>>>> been 8), although that is little help to you. You & I are several
>>>> months back from today, probably safe to assume something newer is
>>>> available. The bottom of
>>>> https://www.freebsd.org/doc/handbook/updating-upgrading-
>>>> freebsdupdate.html
>>>> talks about comparing system versions.  If you do a 'freebsd-update
>>>> fetch' followed by a 'freebsd-update install' you will be updated =
to
>>>> the latest & greatest patch level, but I'm not sure there is a way =
of
>>>> checking that level apriori .... $0.02, no more, no less ....
>>>>=20
>>>>=20
>>> Go to the website www.freebsd.org, on the right site there is a =
colum
>>> security advisories
>>>=20
>>> click on the latest, and it will show you the latest patch level of =
all
>>> versions. Like the example below,  the advisory for sctp.
>>>=20
>>> -----BEGIN PGP SIGNED MESSAGE-----
>>> Hash: SHA512
>>>=20
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
>>> FreeBSD-SA-15:03.sctp                                       Security
>>> Advisory
>>>                                                          The FreeBSD
>>> Project
>>>=20
>>> Topic:          SCTP stream reset vulnerability
>>>=20
>>> Category:       core
>>> Module:         sctp
>>> Announced:      2015-01-27
>>> Credits:        Gerasimos Dimitriadis
>>> Affects:        All supported versions of FreeBSD.
>>> Corrected:      2015-01-27 19:36:08 UTC (stable/10, 10.1-STABLE)
>>>                2015-01-27 19:37:02 UTC (releng/10.1, =
10.1-RELEASE-p5)
>>>                2015-01-27 19:37:02 UTC (releng/10.0, =
10.0-RELEASE-p17)
>>>                2015-01-27 19:36:08 UTC (stable/9, 9.3-STABLE)
>>>                2015-01-27 19:37:02 UTC (releng/9.3, 9.3-RELEASE-p9)
>>>                2015-01-27 19:36:08 UTC (stable/8, 8.4-STABLE)
>>>                2015-01-27 19:37:02 UTC (releng/8.4, 8.4-RELEASE-p23)
>>> CVE Name:       CVE-2014-8613
>>>=20
>>>=20
> On Feb 24, 2015 8:42 AM, "Dan Langille" <dlangille@sourcefire.com> =
wrote:
>> I think that none of these suggestions, while useful, are easily =
programmed
>> into a Nagios check (for example).

> I haven't used Nagios much but can't a freebsd-update fetch be run and =
then
> the contents of /var/db/freebsd-update/ examined? If updates are ready =
to
> be installed there will be stuff there.

Good suggestion. I thought about this a bit.

For example, this is a personal server of mine:

 $ sudo ls -tl /var/db/freebsd-update | less
total 24305
-rw-r--r--  1 root  wheel    225 Feb 27 11:14 tINDEX.present
-rw-r--r--  1 root  wheel    112 Feb 27 11:14 tag
-rw-r--r--  1 root  wheel      0 Feb 27 11:14 serverlist_full
-rw-r--r--  1 root  wheel      0 Feb 27 11:14 serverlist_tried
drwx------  2 root  wheel      6 Feb 25 21:54 install.VYWhPb
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 =
a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback =
-> install.VYWhPb
drwx------  2 root  wheel      6 Feb 25 21:54 install.wyPL3Y
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 =
33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback =
-> install.wyPL3Y
drwxr-xr-x  2 root  wheel  26268 Feb 25 21:54 files
drwx------  2 root  wheel      6 Feb 25 21:52 install.MlNZrV
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:52 =
f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback =
-> install.MlNZrV

$ sudo freebsd-update fetch
Looking up update.FreeBSD.org mirrors... none found.
Fetching metadata signature for 9.3-RELEASE from update.FreeBSD.org... =
done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.

No updates needed to update system to 9.3-RELEASE-p10.


$ sudo ls -tl /var/db/freebsd-update | less


-rw-r--r--  1 root  wheel    225 Feb 27 22:16 tINDEX.present
-rw-r--r--  1 root  wheel    112 Feb 27 22:16 tag
-rw-r--r--  1 root  wheel      0 Feb 27 22:16 serverlist_full
-rw-r--r--  1 root  wheel      0 Feb 27 22:16 serverlist_tried
drwx------  2 root  wheel      6 Feb 25 21:54 install.VYWhPb
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 =
a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback =
-> install.VYWhPb
drwx------  2 root  wheel      6 Feb 25 21:54 install.wyPL3Y
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:54 =
33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback =
-> install.wyPL3Y
drwxr-xr-x  2 root  wheel  26268 Feb 25 21:54 files
drwx------  2 root  wheel      6 Feb 25 21:52 install.MlNZrV
lrwxr-xr-x  1 root  wheel     14 Feb 25 21:52 =
f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback =
-> install.MlNZrV

It seems to require both non-root access and detailed knowledge of what =
is found in that directory.

I'm hoping for something simple and easily obtained.

Thank you

=E2=80=94=20
Dan Langille
http://langille.org/

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?95203083-D36D-4969-A8E8-1E799518F228>