I’m using FreeBSD 9.2 and Nagios 3.5.1.
A few weeks ago I wrote about freebsd-update reminding you to upgrade your affected systems. Since then, freebsd-update has continued to send me false positives about upgrading.
Suggestions have been made that I track down Colin Percival at BSDCan 2014, which starts in few days. However, I know at least four people have already arrived, two days before any official event, the first of which is the inaugural goatBOF. That’s one of the great things about attending a tech conference, especially a small event such as BSDCan or PGCon; you can talk face-to-face with the people who created the tools you love/hate and ask them about how to fix something. If you purchase their favourite beverage, you are very much on the road to success.
The problem
The original problem was freebsd-update, which started to annoy me greatly. I have only a handful of servers. I can imagine what it’s like for people with many more than I have. I posted to Twitter about this and a suggestion was made to replace email-monitoring with real monitoring. Putting aside the politics of which you prefer, I remembered an older problem I was trying to solve: pkg audit.
The new problem
Yes, this isn’t about fixing freebsd-update.
Back in February, I raised a PR about portaudit pointing out that it did not play will with pkg. I decide to deinstall portaudit and write my own script. Better still, the script is a Nagios plugin.
Bonus: it works!
Profit: it works for both jails and hosts.
Check out the screen shot which shows both a host and a jail with vulnerabilities.
Profit?
I have removed both portaudit and jailaudit from all of my hosts. One less thing to read in email.
I hope this helps you as well.
This just in… It seems this has been fixed in stable.
And there is a way to fix it, but I can’t understand it.