Date: Wed, 21 Jun 2017 13:09:37 -0500
From: Ryan Frederick <ryanrfrederick@gmail.com>
To: Andrea Venturoli <ml@netfence.it>
Cc: ports@freebsd.org
Subject: Re: net-mgmt/nagios-check_ports and jails
Message-ID: <23a5901a-75e0-2624-066f-563fa0b181d3@gmail.com>
In-Reply-To: <CAHPWjgegj25AXWYnmKpnShLiVhrz11L1-c9D4=X-1=4J8wTqOw@mail.gmail.com>
References: <2cfd5c8c-b8b4-720a-5950-02bb59fe070b@netfence.it> <CAHPWjgegj25AXWYnmKpnShLiVhrz11L1-c9D4=X-1=4J8wTqOw@mail.gmail.com>

Andrea,

I took a look at ports-mgmt/jailaudit, and it works a bit differently than ports-mgmt/nagios-check_ports. jailaudit makes a list of packages installed in the jail and runs pkg(8) audit outside of the jail against the list. nagios-check_ports, on the other hand, calls pkg(8) audit with the -j option to run inside the jail and thus requires a copy of vuln.xml within the jail. I would suggest running `pkg audit -F` within the jails regularly or set up something to copy vuln.xml into the jails.

That being said, I do have a bugfix to commit upstream that unbreaks checking for updates within a jail from outside the jail. I'll hopefully get that released soon.

Ryan

On 06/21/2017 06:59 AM, Ryan Frederick wrote:
> Hi Andrea,
>
> I have a pending pull request upstream that might resolve your issue.
> I'll take a look at it later today if time permits.
>
> Ryan
>
> On Jun 21, 2017 04:52, "Andrea Venturoli" <ml@netfence.it> wrote:
>
> Hello.
>
> I can't seem to get net-mgmt/nagios-check_ports for jails to work.
>
> Example:
>
> # pkg audit -F
> vulnxml file up-to-date
> 0 problem(s) in the installed packages found.
> # /usr/local/libexec/nagios/check_ports -j cacti
> pkg: vulnxml file (null) does not exist. Try running 'pkg audit -F' first
> [: -gt: unexpected operator
> PORTS OK - security problem(s). | total_updates=0;0;0 security_problems=;0;0
> # /usr/local/etc/periodic/security/410.jailaudit
> Downloading a current audit database:
> pkgng support enabled, using /usr/local/sbin/pkg version 1.10.1.
>
> portaudit for jails on xxxx.xxxxx - 5 problem(s) found.
>
> portaudit for jail: cacti (JID: 3)
>
> apache24-2.4.25_1 is vulnerable:
> Apache httpd -- several vulnerabilities
> CVE: CVE-2017-7679
> CVE: CVE-2017-7668
> CVE: CVE-2017-7659
> CVE: CVE-2017-3169
> CVE: CVE-2017-3167
> WWW: https://vuxml.FreeBSD.org/freebsd/0c2db2aa-5584-11e7-9a7d-b499baebfeaf.html
>
> 1 problem(s) found.
> ...
>
>
> This host is using UFS and the jails on are created with EZJail.
>
> Any hint?
>
> bye & Thanks
> av.
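
Added example (not part of the e-mail thread and not the nagios-check_ports source): the check_ports run quoted above prints PORTS OK with an empty security_problems value after pkg audit could not find vuln.xml. The shell code below shows one way to make such a check fail closed, returning UNKNOWN whenever no "N problem(s)" summary line can be parsed. The function names, the CRITICAL-on-any-finding threshold and the sample strings are assumptions.

```sh
#!/bin/sh
# Added example: fail-closed parsing of `pkg audit` output for a Nagios check.
# Not the nagios-check_ports source; function names are hypothetical.

# Nagios plugin exit states.
STATE_OK=0
STATE_CRITICAL=2
STATE_UNKNOWN=3

# Print the count from the "N problem(s) ..." summary line, or return 1
# when the output holds no such line (for example, vuln.xml is missing).
audit_count() {
    count=$(printf '%s\n' "$1" |
        sed -n 's/^\([0-9][0-9]*\) problem(s).*/\1/p' | tail -n 1)
    [ -n "$count" ] || return 1
    printf '%s\n' "$count"
}

# Print a Nagios status line for the given audit output and return the state.
# Assumption: any vulnerable package is reported as CRITICAL.
classify() {
    if ! n=$(audit_count "$1"); then
        echo "PORTS UNKNOWN - pkg audit produced no result"
        return "$STATE_UNKNOWN"
    fi
    if [ "$n" -gt 0 ]; then
        echo "PORTS CRITICAL - $n security problem(s). | security_problems=$n;0;0"
        return "$STATE_CRITICAL"
    fi
    echo "PORTS OK - 0 security problem(s). | security_problems=0;0;0"
    return "$STATE_OK"
}

# Audit one jail from the host through pkg's -j option, as the thread describes.
check_jail() {
    classify "$(pkg -j "$1" audit 2>&1)"
}

# Constructed sample outputs, built from message text quoted in the thread.
SAMPLE_MISSING="pkg: vulnxml file (null) does not exist. Try running 'pkg audit -F' first"
SAMPLE_CLEAN="0 problem(s) in the installed packages found."
SAMPLE_VULN="apache24-2.4.25_1 is vulnerable:
1 problem(s) found."

for sample in "$SAMPLE_MISSING" "$SAMPLE_CLEAN" "$SAMPLE_VULN"; do
    classify "$sample" || :
done
```

With the missing-database message as input, the result is UNKNOWN (exit state 3) instead of OK, so a jail without vuln.xml shows up in monitoring rather than passing silently.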