Date:      Mon, 16 Dec 2013 18:51:23 +0100
From:      Michael Grimm <trashcan@odo.in-berlin.de>
To:        "freebsd-ports@freebsd.org" <freebsd-ports@freebsd.org>, "freebsd-stable@FreeBSD.org" <freebsd-stable@FreeBSD.org>
Subject:   from stable/9 to stable/10: some questions
Message-ID:  <412ADB70-771B-41ED-AF55-F1B6D47CC186@odo.in-berlin.de>

Hi --

I recently upgraded one of my servers from stable/9 to stable/10 which worked pretty well.

But, there are some questions left:

1) ezjail/jails
---------------
I am using ezjail to administrate my jails. During jail startup I will get warnings like:

| WARNING: Per-jail configuration via jail_* variables is obsolete.
| Please consider to migrate to /etc/jail.conf.

I did read the corresponding section in /usr/src/UPDATING, but I do have to admit that I do not understand clearly whether it is safe to wait for a modified ezjail port, or better get that fixed by myself. All jails are running as expected, though.

2) portaudit/jailaudit
----------------------
poudriere tells me that the portaudit port is obsolete now, and that I should use "pkg audit" instead. Well that's ok, but now the jailaudit port is skipped because it depends on portaudit.

Well, I did find /usr/local/etc/periodic/security/410.pkg-audit, but that lacks the functionality to check security vulnerabilities of my ports running in jails.

3) /usr/local/etc/periodic/daily/490.status-pkg-changes
-------------------------------------------------------
Again, this script lacks the functionality to monitor changes in installed packages in jails.



Regarding 2) and 3) I hacked two scripts to deal with jails. Actually, I "stole" code from the portaudit, jailaudit, and 490.status-pkg-changes. Both scripts are kept in /usr/local/etc/periodic/daily and /usr/local/etc/periodic/security respectively and are triggered by specific configuration variables in /etc/periodic.conf

IMHO it would be better to deal with jails within 410.pkg-audit and 490.status-pkg-changes, preferably triggered by configuration variables on demand, only.

Doing that professionally for FreeBSD is far beyond my own scripting capabilities, sorry. But if someone is willing to add monitoring of vulnerabilities of ports installed in jails and monitoring changes in installed packages in jails, and if that person is interested in getting my dirty hacked scripts, just let me know.

Regards and thanks to all persons involved in getting FBSD 10 done,
Michael
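
An added example, not part of the original message and not the author's scripts: a minimal sh sketch of the per-jail vulnerability check that point 2) says 410.pkg-audit lacks. It assumes running jails are listed by `jls name` and that pkg(8) accepts its global `-j` option; the `JLS` and `PKG` override variables and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit the packages of every running jail from the host.
# Assumptions: `jls name` prints one jail name per line, and
# `pkg -j <jail> audit -q` prints one line per vulnerable package.
# JLS and PKG are hypothetical override knobs so the logic can be
# exercised with stubs on a machine without jails.
: "${JLS:=jls}"
: "${PKG:=pkg}"

# Print "<jail>: <package>" for each vulnerable package in one jail.
audit_jail() {
    jail=$1
    # -F refreshes the vulnerability database first, -q keeps the
    # output terse. pkg's own exit status is ignored here because
    # findings are taken from its output, not from the status.
    $PKG -j "$jail" audit -F -q | while read -r p; do
        if [ -n "$p" ]; then
            echo "$jail: $p"
        fi
    done
}

# Audit all running jails. Prints the findings and returns 1 when at
# least one jail has a vulnerable package, returns 0 otherwise.
audit_all_jails() {
    findings=$(for j in $($JLS name); do audit_jail "$j"; done)
    if [ -z "$findings" ]; then
        return 0
    fi
    echo "$findings"
    return 1
}

# Run only where jls(8) is available, so that sourcing this file
# elsewhere just defines the functions.
if command -v "$JLS" >/dev/null 2>&1; then
    audit_all_jails
    exit $?
fi
```
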



