From owner-freebsd-questions@FreeBSD.ORG Fri Feb 27 22:19:16 2015 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 08EE9722 for ; Fri, 27 Feb 2015 22:19:16 +0000 (UTC) Received: from clavin1.langille.org (clavin.langille.org [162.208.116.86]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "clavin.langille.org", Issuer "StartCom Class 2 Primary Intermediate Server CA" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id D0CBD210 for ; Fri, 27 Feb 2015 22:19:15 +0000 (UTC) Received: from (clavin1.int.langille.org (clavin1.int.unixathome.org [10.4.7.7]) (Authenticated sender: hidden) with ESMTPSA id 97505604C ; Fri, 27 Feb 2015 22:19:13 +0000 (UTC) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 8.2 \(2070.6\)) Subject: Re: What's the latest release from freebsd-update? From: Dan Langille In-Reply-To: Date: Fri, 27 Feb 2015 17:19:12 -0500 Content-Transfer-Encoding: quoted-printable Message-Id: <95203083-D36D-4969-A8E8-1E799518F228@langille.org> References: <54E6B8B9.1060204@hiwaay.net> <54E6F04A.5080409@gmail.com> To: "Brian W." X-Mailer: Apple Mail (2.2070.6) Cc: FreeBSD Mailing List X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Feb 2015 22:19:16 -0000 On Feb 24, 2015, at 11:56 AM, Brian W. wrote: >> On Fri, Feb 20, 2015 at 3:28 AM, Johan Hendriks = >> wrote: >>=20 >>>=20 >>> Op 20-02-15 om 05:31 schreef William A. Mahaffey III: >>>=20 >>> On 02/19/15 08:34, Dan Langille wrote: >>>>=20 >>>>> I want to write a check to let us know if a given server is on the >>>>> latest >>>>> version. >>>>>=20 >>>>> For example, how can I determine that FreeBSD 9.3-RELEASE-p5 is = the >>>>> latest >>>>> and greatest? >>>>>=20 >>>>> I could run freebsd-update and see what comes back, but that's not >> ideal >>>>> for a Nagios check. >>>>>=20 >>>>> This output seems promising: >>>>>=20 >>>>> $ sysctl kern.version >>>>> kern.version: FreeBSD 9.3-RELEASE-p5 #0: Mon Nov 3 22:38:58 UTC = 2014 >>>>> root@amd64-builder.daemonology.net:/usr/obj/usr/src/sys/GENERIC >>>>>=20 >>>>> Let's assume we use that as the check for the host. >>>>>=20 >>>>> What do we compare it to? Where can I find out that = 9.3-RELEASE-p6 is >>>>> available? >>>>>=20 >>>>=20 >>>>=20 >>>> I'm running 9.3 (FreeBSD 9.3-RELEASE-p5) as well, & I have noticed >>>> posts going by onlist referencing 9.3-RELEASE-p9 (I think, might = have >>>> been 8), although that is little help to you. You & I are several >>>> months back from today, probably safe to assume something newer is >>>> available. The bottom of >>>> https://www.freebsd.org/doc/handbook/updating-upgrading- >>>> freebsdupdate.html >>>> talks about comparing system versions. If you do a 'freebsd-update >>>> fetch' followed by a 'freebsd-update install' you will be updated = to >>>> the latest & greatest patch level, but I'm not sure there is a way = of >>>> checking that level apriori .... $0.02, no more, no less .... >>>>=20 >>>>=20 >>> Go to the website www.freebsd.org, on the right site there is a = colum >>> security advisories >>>=20 >>> click on the latest, and it will show you the latest patch level of = all >>> versions. Like the example below, the advisory for sctp. >>>=20 >>> -----BEGIN PGP SIGNED MESSAGE----- >>> Hash: SHA512 >>>=20 >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D= =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>> =3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D >>> FreeBSD-SA-15:03.sctp Security >>> Advisory >>> The FreeBSD >>> Project >>>=20 >>> Topic: SCTP stream reset vulnerability >>>=20 >>> Category: core >>> Module: sctp >>> Announced: 2015-01-27 >>> Credits: Gerasimos Dimitriadis >>> Affects: All supported versions of FreeBSD. >>> Corrected: 2015-01-27 19:36:08 UTC (stable/10, 10.1-STABLE) >>> 2015-01-27 19:37:02 UTC (releng/10.1, = 10.1-RELEASE-p5) >>> 2015-01-27 19:37:02 UTC (releng/10.0, = 10.0-RELEASE-p17) >>> 2015-01-27 19:36:08 UTC (stable/9, 9.3-STABLE) >>> 2015-01-27 19:37:02 UTC (releng/9.3, 9.3-RELEASE-p9) >>> 2015-01-27 19:36:08 UTC (stable/8, 8.4-STABLE) >>> 2015-01-27 19:37:02 UTC (releng/8.4, 8.4-RELEASE-p23) >>> CVE Name: CVE-2014-8613 >>>=20 >>>=20 > On Feb 24, 2015 8:42 AM, "Dan Langille" = wrote: >> I think that none of these suggestions, while useful, are easily = programmed >> into a Nagios check (for example). > I haven't used Nagios much but can't a freebsd-update fetch be run and = then > the contents of /var/db/freebsd-update/ examined? If updates are ready = to > be installed there will be stuff there. Good suggestion. I thought about this a bit. For example, this is a personal server of mine: $ sudo ls -tl /var/db/freebsd-update | less total 24305 -rw-r--r-- 1 root wheel 225 Feb 27 11:14 tINDEX.present -rw-r--r-- 1 root wheel 112 Feb 27 11:14 tag -rw-r--r-- 1 root wheel 0 Feb 27 11:14 serverlist_full -rw-r--r-- 1 root wheel 0 Feb 27 11:14 serverlist_tried drwx------ 2 root wheel 6 Feb 25 21:54 install.VYWhPb lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 = a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback = -> install.VYWhPb drwx------ 2 root wheel 6 Feb 25 21:54 install.wyPL3Y lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 = 33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback = -> install.wyPL3Y drwxr-xr-x 2 root wheel 26268 Feb 25 21:54 files drwx------ 2 root wheel 6 Feb 25 21:52 install.MlNZrV lrwxr-xr-x 1 root wheel 14 Feb 25 21:52 = f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback = -> install.MlNZrV $ sudo freebsd-update fetch Looking up update.FreeBSD.org mirrors... none found. Fetching metadata signature for 9.3-RELEASE from update.FreeBSD.org... = done. Fetching metadata index... done. Inspecting system... done. Preparing to download files... done. No updates needed to update system to 9.3-RELEASE-p10. $ sudo ls -tl /var/db/freebsd-update | less -rw-r--r-- 1 root wheel 225 Feb 27 22:16 tINDEX.present -rw-r--r-- 1 root wheel 112 Feb 27 22:16 tag -rw-r--r-- 1 root wheel 0 Feb 27 22:16 serverlist_full -rw-r--r-- 1 root wheel 0 Feb 27 22:16 serverlist_tried drwx------ 2 root wheel 6 Feb 25 21:54 install.VYWhPb lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 = a42a1b654b786466cfb637b8c8149d2c17163da48c6af0db0efc8b9eb668c0c6-rollback = -> install.VYWhPb drwx------ 2 root wheel 6 Feb 25 21:54 install.wyPL3Y lrwxr-xr-x 1 root wheel 14 Feb 25 21:54 = 33e149b299e14ae478954c5803bdd48402401acbac2611574359df5e8087aa7c-rollback = -> install.wyPL3Y drwxr-xr-x 2 root wheel 26268 Feb 25 21:54 files drwx------ 2 root wheel 6 Feb 25 21:52 install.MlNZrV lrwxr-xr-x 1 root wheel 14 Feb 25 21:52 = f465c3739385890c221dff1a05e578c6cae0d0430e46996d319db7439f884336-rollback = -> install.MlNZrV It seems to require both non-root access and detailed knowledge of what = is found in that directory. I'm hoping for something simple and easily obtained. Thank you =E2=80=94=20 Dan Langille http://langille.org/