@dlangille
Last active Mar 1, 2022
Find all pkg audit issues in FreeBSD jails and hosts.
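#!/bin/sh
# Report packages with known vulnerabilities (pkg audit) for all jails,
# or for the host itself when the first argument is 'host'.
# Exit status: 0 = nothing reported, 2 = at least one issue reported.

JLS="/usr/sbin/jls"
PKG="/usr/sbin/pkg"

# list of the jail ids for all jails
JAILS=$(${JLS} jid)

RESULT=""
CHECKING=$1

if [ "${CHECKING}" != 'host' ]
then
  # audit the packages inside each jail
  for jail in ${JAILS}
  do
    JAILSTATUS=$(${PKG} -j "${jail}" audit -q)
    if [ "${JAILSTATUS}" != "" ]
    then
      # label the findings with the jail's hostname
      HOSTNAME=$(${JLS} -j "${jail}" host.hostname)
      RESULT="${RESULT}${HOSTNAME}: ${JAILSTATUS} "
    fi
  done
else
  # audit the packages on the host only
  RESULT=$(${PKG} audit -q)
  if [ "${RESULT}" != "" ]
  then
    RESULT="$(hostname): ${RESULT}"
  fi
fi

# '=' is the POSIX string comparison for test(1); '==' is not portable
if [ "${RESULT}" = "" ]
then
  echo 'No problems found'
  exit 0
else
  # left unquoted so that word splitting puts the whole report on one line
  echo ${RESULT}
  exit 2
fi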
dlangille commented Mar 17, 2019

I think the goals of these scripts can be replaced with:

  • /usr/local/etc/periodic/security/405.pkg-base-audit
  • /usr/local/etc/periodic/security/410.pkg-audit

And these /etc/periodic.conf settings:

pkg_jails='*'
security_status_baseaudit_enable="YES" 
