I have scripts for monitoring vulns in FreeBSD jails. They use third-party scripts. All I wrote was the Nagios part of the solution.
I was preparing slides for my Why I prefer thick jails over thin jails talk at EuroBSDCon 2019. There is still time to register and attend. I was explaining my scripts and was providing links to gist.github.com …
I realized I should create a repo: https://github.com/dlangille/freebsd-nagios-jail
These scripts do the following:
- pkg audit of the host
- pkg audit of each jail (or whatever jails you specify)
- audit of the base OS of the host
- audit of the base OS of each jail (or whatever jails you specify)
I find it useful because known vulnerabilities are brought to my attention via Nagios.
I upgrade my hosts and jails on a regular basis. From time to time I have missed something. Nagios let me know.
Things I’d like to do
I’d like to monitor the installed poudriere jails to see if I have not upgraded them.