Last active
March 1, 2022 12:57
-
-
Save dlangille/f8cbf363aef45ced0c0f to your computer and use it in GitHub Desktop.
Find all pkg audit issues in FreeBSD jails and hosts.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| #!/bin/sh | |
| JLS="/usr/sbin/jls" | |
| PKG="/usr/sbin/pkg" | |
| # list of the jail ids for all jails | |
| JAILS=`${JLS} jid` | |
| RESULT="" | |
| CHECKING=$1 | |
| if [ "${CHECKING}" != 'host' ] | |
| then | |
| for jail in ${JAILS} | |
| do | |
| JAILSTATUS=`${PKG} -j ${jail} audit -q` | |
| if [ "${JAILSTATUS}" != "" ] | |
| then | |
| HOSTNAME=`${JLS} -j ${jail} host.hostname` | |
| RESULT="${RESULT}${HOSTNAME}: ${JAILSTATUS} " | |
| fi | |
| done | |
| else | |
| RESULT=`${PKG} audit -q` | |
| if [ "${RESULT}" != "" ] | |
| then | |
| RESULT="`hostname`: ${RESULT}" | |
| fi | |
| fi | |
| if [ "${RESULT}" == "" ] | |
| then | |
| echo 'No problems found' | |
| exit 0 | |
| else | |
| echo ${RESULT} | |
| exit 2 | |
| fi | |
I think the goals of these scripts can be replaced with:
/usr/local/etc/periodic/security/405.pkg-base-audit/usr/local/etc/periodic/security/410.pkg-audit
And these /etc/periodic.conf settings:
pkg_jails='*'
security_status_baseaudit_enable="YES"
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Nevermind, this does just the same, was too tired in the morning :)
If you look at the bitbucket link I gave, you can do it like this:
I'll put a link, useless markup trying to make me go suicidal.
http://hastebin.com/utijotomif.vhdl