> On May 16, 2019, at 5:41 AM, Miroslav Lachman <[email protected]> wrote: > > Alan Somers wrote on 2019/05/16 05:16: >> On Wed, May 15, 2019 at 9:14 PM Miroslav Lachman <[email protected]> wrote: > >>> It would also be good if base system vulnerabilities are first published >>> in FreeBSD vuxml. Then it can be reported to sysadmins by package >>> security/base-audit. >> +1. Reporting base + ports vulnerabilities in a common way would be >> great. I assume that this is already part of the pkgbase project >> being worked on by brd and others. > > The functionality is already there. The only part missing is Security Office > should fill the data in to vuxml at the time of publishing new SA. > > Thanks to Mark Felder > https://blog.feld.me/posts/2016/08/monitoring-freebsd-base-system-vulnerabilities-with-pkg-audit/ > Then I provided periodic script > https://www.freshports.org/security/base-audit/ > <https://www.freshports.org/security/base-audit/>
There’s also this as a “right now” solution if you use nagios: https://github.com/frlen/nagios-plugins/blob/master/check_freebsd_version <https://github.com/frlen/nagios-plugins/blob/master/check_freebsd_version> You do have to adjust it to check only once or twice a day and to provide for a large number of retries, as the remote portion of the check to find the current version often times out. Thanks, Charles > Miroslav Lachman > _______________________________________________ > [email protected] mailing list > https://lists.freebsd.org/mailman/listinfo/freebsd-stable > To unsubscribe, send any mail to "[email protected]" _______________________________________________ [email protected] mailing list https://lists.freebsd.org/mailman/listinfo/freebsd-stable To unsubscribe, send any mail to "[email protected]"
