Date: Wed, 02 Sep 2015 10:33:25 -0400 From: Ernie Luzar <luzar722@gmail.com> To: Matthew Seaman <matthew@FreeBSD.org> Cc: freebsd-questions@freebsd.org Subject: Re: fail to fetch vulnxml file each night, as seen in daily security, run output. Message-ID: <55E708B5.7020507@gmail.com> In-Reply-To: <55E70319.7060604@FreeBSD.org> References: <55E700C9.4080000@gmail.com> <55E70319.7060604@FreeBSD.org>
next in thread | previous in thread | raw e-mail | index | archive | help
Matthew Seaman wrote: > On 2015/09/02 14:59, Ernie Luzar wrote: > >> I get the following message in the daily security run output on both my >> 10.1 and 10.2 systems. Both which were installed from scratch using a >> cdisc1.iso file. >> >> Checking for packages with security vulnerabilities: >> pkg: >> > : No route to host > >> pkg: cannot fetch vulnxml file >> > > Well? Did you verify if you could fetch the audit file manually? Try: > > # pkg audit -F > > If that doesn't work, start investigating why your jails can't connect > properly. vuxml.freebsd.org is on a GeoIP load balancer, so you should > get directed to a nearby mirror. > > Try this -- you should see similar output, but probably to a different > IP number: > > # curl -v -o /dev/null http://vuxml.freebsd.org/freebsd/vuln.xml.bz2 > % Total % Received % Xferd Average Speed Time Time Time > Current > Dload Upload Total Spent Left > Speed > 0 0 0 0 0 0 0 0 --:--:-- --:--:-- --:--:-- > 0* Trying 2001:41c8:112:8300::50:5... > * Connected to vuxml.freebsd.org (2001:41c8:112:8300::50:5) port 80 (#0) > >> GET /freebsd/vuln.xml.bz2 HTTP/1.1 >> Host: vuxml.freebsd.org >> User-Agent: curl/7.43.0 >> Accept: */* >> >> > < HTTP/1.1 200 OK > < Date: Wed, 02 Sep 2015 14:05:36 GMT > < Content-Type: application/x-bzip > < Content-Length: 538363 > < Last-Modified: Wed, 02 Sep 2015 00:35:15 GMT > < Connection: keep-alive > < ETag: "55e64443-836fb" > < Server: ToTheCloud/v0.01beta > < Accept-Ranges: bytes > < > { [11164 bytes data] > 100 525k 100 525k 0 0 4511k 0 --:--:-- --:--:-- --:--:-- > 4571k > * Connection #0 to host vuxml.freebsd.org left intact > > If it doesn't work, it should at least give you some clues as to what is > going wrong. If it does work, then see if the daily cron job has > mysteriously started working again, in which case you can put the > problem down to something temporary; outside your network and beyond > your control. > > >> -- End of security output -- >> >> >> Is this normal by design? >> > > Why would we publish a script that intentionally doesn't work? No, it > isn't normal and neither is it by design. > > Cheers, > > Matthew > > > I just ran "pkg audit -F" command and got the same message again. When I launch http://vuxml.freebsd.org/freebsd/vuln.xml.bz2 in my browser I get a 404. This means the vuln.xml.bz2 file is not present.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?55E708B5.7020507>