Date: Fri, 19 Nov 2021 11:17:43 +0200 From: Andriy Gapon <avg@FreeBSD.org> To: Baptiste Daroussin <bapt@FreeBSD.org> Cc: FreeBSD Ports <ports@FreeBSD.org> Subject: Re: pkg audit: security problems only Message-ID: <71d44469-bc53-fa50-8513-89a3f52d5497@FreeBSD.org> In-Reply-To: <20211119084744.irhskceo7c5p5iah@aniel.nours.eu> References: <34ea8551-b2a0-2b72-6217-56e6c0228ed4@FreeBSD.org> <20211119084744.irhskceo7c5p5iah@aniel.nours.eu>
next in thread | previous in thread | raw e-mail | index | archive | help
On 19/11/2021 10:47, Baptiste Daroussin wrote:
> On Fri, Nov 19, 2021 at 10:31:37AM +0200, Andriy Gapon wrote:
>>
>> Is there an option to limit pkg audit to report security problems only?
>>
>> Right now the corresponding periodic script reports a lot of (what I
>> consider to be) noise every night. It's about deprecated packages, mostly
>> depending on python 2.7. And I consider those reports to be noise because
>> 90% of reported packages are not actually going to be removed (e.g., kmail,
>> korganizer, etc).
>>
>> So, I would like to be getting a security focused report useful for end users.
>> Is that possible?
>> Thank you!
>>
>
> From the periodic script here are all the parameters:
>
> : ${security_status_pkgaudit_enable:=YES}
> : ${security_status_pkgaudit_period:=daily}
> : ${security_status_pkgaudit_quiet:=YES}
> : ${security_status_pkgaudit_chroots=$pkg_chroots}
> : ${security_status_pkgaudit_jails=$pkg_jails}
> : ${security_status_pkgaudit_jails_ignore+=""}
> : ${security_status_pkgaudit_expiry:=2}
> : ${security_status_pkgaudit_expiration:=YES}
> : ${security_status_pkgaudit_deprecation:=YES}
Thank you!
Before asking I checked two places, pkg help audit and /etc/periodic, and I came
up empty.
I didn't think of checking /usr/local/etc/periodic/ or pkg annotate.
--
Andriy Gapon
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?71d44469-bc53-fa50-8513-89a3f52d5497>