From: Michael Grimm
Subject: from stable/9 to stable/10: some questions
Message-Id: <412ADB70-771B-41ED-AF55-F1B6D47CC186@odo.in-berlin.de>
Date: Mon, 16 Dec 2013 18:51:23 +0100
To: "freebsd-ports@freebsd.org", "freebsd-stable@FreeBSD.org"

Hi --

I recently upgraded one of my servers from stable/9 to stable/10 which
worked pretty well. But, there are some questions left:

1) ezjail/jails
---------------

I am using ezjail to administrate my jails. During jail startup I will
get warnings like:

| WARNING: Per-jail configuration via jail_* variables is obsolete.
| Please consider to migrate to /etc/jail.conf.

I did read the corresponding section in /usr/src/UPDATING, but I do have
to admit that I do not understand clearly whether it is safe to wait for
a modified ezjail port, or better get that fixed by myself. All jails
are running as expected, though.

2) portaudit/jailaudit
----------------------

poudriere tells me that the portaudit port is obsolete now, and that I
should use "pkg audit" instead. Well that's ok, but now the jailaudit
port is skipped because it depends on portaudit.

Well, I did find /usr/local/etc/periodic/security/410.pkg-audit, but
that lacks the functionality to check security vulnerabilities of my
ports running in jails.

3) /usr/local/etc/periodic/daily/490.status-pkg-changes
-------------------------------------------------------

Again, this script lacks the functionality to monitor changes in
installed packages in jails.

Regarding 2) and 3) I hacked two scripts to deal with jails. Actually, I
"stole" code from the portaudit, jailaudit, and 490.status-pkg-changes.
Both scripts are kept in /usr/local/etc/periodic/daily and
/usr/local/etc/periodic/security respectively and are triggered by
specific configuration variables in /etc/periodic.conf.

IMHO it would be better to deal with jails within 410.pkg-audit and
490.status-pkg-changes, preferably triggered by configuration variables
on demand, only.

Doing that professionally for FreeBSD is far beyond my own scripting
capabilities, sorry. But if someone is willing to add monitoring of
vulnerabilities of ports installed in jails and monitoring changes in
installed packages in jails, and if that person will be interested in
getting my dirty hacked scripts, just let me know.

Regards and thanks to all persons involved in getting FBSD 10 done,
Michael
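The jail-aware audit asked for in 2), sketched as an added example (not the poster's scripts and not part of the pkg port): a periodic security script that runs "pkg audit" inside every running jail from the host. The knob name security_status_jailpkgaudit_enable is hypothetical, and the script assumes each jail has its own pkg database with the vulnerability database already available (for example fetched with "pkg audit -F").

```shell
#!/bin/sh
# Added example: report vulnerable packages in all running jails.
# Intended for /usr/local/etc/periodic/security/ as described in the post.

# Load periodic.conf settings when run by periodic(8) on FreeBSD.
if [ -r /etc/defaults/periodic.conf ]; then
    . /etc/defaults/periodic.conf
    source_periodic_confs
fi

# Print the names of all running jails, one per line.
list_jails() {
    jls name
}

# Print the vulnerable packages of one jail as "jail: pkgname-version".
# "pkg -j" runs pkg inside the named jail; "audit -q" prints only the
# names of affected packages.
audit_jail() {
    pkg -j "$1" audit -q 2>/dev/null | awk -v j="$1" 'NF { print j ": " $0 }'
}

# Audit every running jail. Returns 1 (periodic(8): notable information)
# when at least one jail has a vulnerable package, 0 otherwise.
audit_all_jails() {
    report=""
    for j in $(list_jails); do
        found=$(audit_jail "$j")
        if [ -n "$found" ]; then
            report="${report}${found}
"
        fi
    done
    if [ -n "$report" ]; then
        echo "Vulnerable packages in jails:"
        printf '%s' "$report"
        return 1
    fi
    return 0
}

# Hypothetical knob, set in /etc/periodic.conf; off unless enabled.
case "${security_status_jailpkgaudit_enable:-NO}" in
[Yy][Ee][Ss]) audit_all_jails; exit $? ;;
esac
```

Jails that are stopped at the time periodic runs are not listed by jls and are therefore not audited.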