Skip to content

Instantly share code, notes, and snippets.

@dlangille
Last active March 1, 2022 12:57
Show Gist options
  • Star 5 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save dlangille/f8cbf363aef45ced0c0f to your computer and use it in GitHub Desktop.
Save dlangille/f8cbf363aef45ced0c0f to your computer and use it in GitHub Desktop.
Find all pkg audit issues in FreeBSD jails and hosts.
#!/bin/sh
JLS="/usr/sbin/jls"
PKG="/usr/sbin/pkg"
# list of the jail ids for all jails
JAILS=`${JLS} jid`
RESULT=""
CHECKING=$1
if [ "${CHECKING}" != 'host' ]
then
for jail in ${JAILS}
do
JAILSTATUS=`${PKG} -j ${jail} audit -q`
if [ "${JAILSTATUS}" != "" ]
then
HOSTNAME=`${JLS} -j ${jail} host.hostname`
RESULT="${RESULT}${HOSTNAME}: ${JAILSTATUS} "
fi
done
else
RESULT=`${PKG} audit -q`
if [ "${RESULT}" != "" ]
then
RESULT="`hostname`: ${RESULT}"
fi
fi
if [ "${RESULT}" == "" ]
then
echo 'No problems found'
exit 0
else
echo ${RESULT}
exit 2
fi
@dlangille
Copy link
Author

dlangille commented Mar 17, 2019

I think the goals of these scripts can be replaced with:

  • /usr/local/etc/periodic/security/405.pkg-base-audit
  • /usr/local/etc/periodic/security/410.pkg-audit

And these /etc/periodic.conf settings:

pkg_jails='*'
security_status_baseaudit_enable="YES" 

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment