freebsd / pkg

Package management tool for FreeBSD. Help at #pkg on Libera Chat or pkg@FreeBSD.org

410.pkg-audit.in misses 'Database fetched' output #1747

Closed dlangille closed 4 months ago

dlangille commented 5 years ago

I started using /usr/local/etc/periodic/security/410.pkg-audit as part of a Nagios check.

Some jails would not have 'Database fetched', some would.

If I add this line before https://github.com/freebsd/pkg/blob/master/scripts/periodic/410.pkg-audit.in#L65, everything works as expected.

rc=0

I am not sure why. I'll attach debugging output soon.

EDIT: RC is always 3 after the first vuln package is found.

dlangille commented 5 years ago

Questions:

1 - why does 'Database fetched' appear only for some jails?

2 - why is perl5 mentioned only on line 39? It is installed on every jail. ANSWER: perl needs a PORTREVISION bump. See https://lists.freebsd.org/pipermail/freebsd-ports/2019-March/115824.html

Here are the jails:

[dan@knew:~] $ jls
   JID  IP Address      Hostname                      Path
    15  10.55.0.21      empty.int.unixathome.org      /iocage/jails/empty/root
    18  10.55.0.14      cliff1.int.unixathome.org     /iocage/jails/cliff1/root
    20  10.55.0.13      toiler.int.unixathome.org     /iocage/jails/toiler/root
    22  10.55.0.113     ansible.int.unixathome.org    /iocage/jails/ansible/root
    24  10.55.0.108     mysql56.int.unixathome.org    /iocage/jails/mysql56/root
    25  10.55.0.114     mysql55.int.unixathome.org    /iocage/jails/mysql55/root
    26  10.55.0.117     fruity-ext.int.unixathome.org /iocage/jails/fruity-ext/root
    27  10.55.0.116     fruity-int.int.unixathome.org /iocage/jails/fruity-int/root
    28  10.55.0.70      snapshots.int.unixathome.org  /iocage/jails/snapshots/root
    29  10.55.0.140     dbclone.int.unixathome.org    /iocage/jails/dbclone/root
    30  10.55.0.36      bacula-sd-01.int.unixathome.o /iocage/jails/bacula-sd-01/root
    31  10.55.0.105     pg10.int.unixathome.org       /iocage/jails/pg10/root
    32  10.55.0.106     pg11.int.unixathome.org       /iocage/jails/pg11/root
    33  10.55.0.107     pg94.int.unixathome.org       /iocage/jails/pg94/root
    34  10.55.0.111     pg95.int.unixathome.org       /iocage/jails/pg95/root
    35  10.55.0.104     pg96.int.unixathome.org       /iocage/jails/pg96/root

Here is the output:

[dan@knew:~] $ sudo /usr/local/etc/periodic/security/410.pkg-audit

Checking for packages with security vulnerabilities:
Host system:
Database fetched: Wed Mar 20 18:25:27 UTC 2019

jail: ioc-empty
Database fetched: Wed Mar 20 18:30:11 UTC 2019

jail: ioc-cliff1
Database fetched: Wed Mar 20 18:30:10 UTC 2019

jail: ioc-toiler
Database fetched: Wed Mar 20 18:30:10 UTC 2019

jail: ioc-ansible
Database fetched: Wed Mar 20 18:30:11 UTC 2019

jail: ioc-mysql56
Database fetched: Wed Mar 20 18:30:10 UTC 2019

jail: ioc-mysql55
Database fetched: Wed Mar 20 14:17:28 UTC 2019
mysql55-server-5.5.62_1

jail: ioc-fruity-ext

jail: ioc-fruity-int

jail: ioc-snapshots

jail: ioc-dbclone

jail: ioc-bacula-sd-01

jail: ioc-pg10

jail: ioc-pg11
perl5-5.26.3: Tag: expiration_date Value: 2020-05-31
perl5-5.26.3: Tag: deprecated Value: Support ends three years after .0 release, please upgrade to a more recent version of Perl

jail: ioc-pg94

jail: ioc-pg95

jail: ioc-pg96
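
A monitoring check that consumes this report can treat a missing 'Database fetched' line as its own state instead of silently passing. The following is an added example, not part of the original issue or of the pkg project's script; the function names, the `host` label and the rule that any other non-blank line counts as a finding are assumptions made for illustration.

```shell
#!/bin/sh
# Added example, not part of 410.pkg-audit. Reads the script's report on
# stdin and prints one line per section:
#   <section> fetched=<yes|no> findings=<count>
summarize_audit() {
    awk '
        function flush() {
            if (name != "") { printf "%s fetched=%s findings=%d\n", name, fetched, n }
        }
        /^Checking for packages/ { next }
        /^Host system:/       { flush(); name = "host"; fetched = "no"; n = 0; next }
        /^jail: /             { flush(); name = $2;     fetched = "no"; n = 0; next }
        /^Database fetched: / { fetched = "yes"; next }
        NF                    { n++ }   # assumption: other non-blank lines are findings
        END                   { flush() }
    '
}

# Map the summary to Nagios plugin exit codes: 0 OK, 2 CRITICAL, 3 UNKNOWN.
nagios_status() {
    summary=$(summarize_audit)
    if printf '%s\n' "$summary" | grep -q 'findings=[1-9]'; then
        echo "CRITICAL: audit reported findings"; return 2
    fi
    if printf '%s\n' "$summary" | grep -q 'fetched=no'; then
        echo "UNKNOWN: no freshness line for at least one section"; return 3
    fi
    echo "OK: all sections fresh, no findings"; return 0
}

# Sample input abbreviated from the unpatched run quoted above.
sample_output() {
    cat <<'EOF'
Checking for packages with security vulnerabilities:
Host system:
Database fetched: Wed Mar 20 18:25:27 UTC 2019

jail: ioc-mysql55
Database fetched: Wed Mar 20 14:17:28 UTC 2019
mysql55-server-5.5.62_1

jail: ioc-fruity-ext

jail: ioc-pg96
EOF
}

sample_output | summarize_audit
```
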

dlangille commented 5 years ago

This is my patch for debugging purposes.

410.pkg-audit.patch.txt

dlangille commented 5 years ago

This is the output of a patched script:

[dan@knew:~/bin] $ sudo ~/bin/410.pkg-audit 

Checking for packages with security vulnerabilities:
Host system:
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /var/db/pkg/vuln.xml with 1553106327 and 1553110190
86400
4463
Database fetched: Wed Mar 20 18:25:27 UTC 2019

jail: ioc-empty
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/empty/root/var/db/pkg/vuln.xml with 1553106611 and 1553110190
86400
4179
Database fetched: Wed Mar 20 18:30:11 UTC 2019

jail: ioc-cliff1
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/cliff1/root/var/db/pkg/vuln.xml with 1553106610 and 1553110190
86400
4180
Database fetched: Wed Mar 20 18:30:10 UTC 2019

jail: ioc-toiler
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/toiler/root/var/db/pkg/vuln.xml with 1553106610 and 1553110190
86400
4180
Database fetched: Wed Mar 20 18:30:10 UTC 2019

jail: ioc-ansible
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/ansible/root/var/db/pkg/vuln.xml with 1553106611 and 1553110190
86400
4179
Database fetched: Wed Mar 20 18:30:11 UTC 2019

jail: ioc-mysql56
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/mysql56/root/var/db/pkg/vuln.xml with 1553106610 and 1553110190
86400
4180
Database fetched: Wed Mar 20 18:30:10 UTC 2019

jail: ioc-mysql55
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/mysql55/root/var/db/pkg/vuln.xml with 1553091448 and 1553110190
86400
19342
Database fetched: Wed Mar 20 14:17:28 UTC 2019
mysql55-server-5.5.62_1

jail: ioc-fruity-ext
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/fruity-ext/root/var/db/pkg/vuln.xml with 1553091449 and 1553110190
86400
19341
Database fetched: Wed Mar 20 14:17:29 UTC 2019

jail: ioc-fruity-int
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/fruity-int/root/var/db/pkg/vuln.xml with 1553091449 and 1553110190
86400
19341
Database fetched: Wed Mar 20 14:17:29 UTC 2019

jail: ioc-snapshots
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/snapshots/root/var/db/pkg/vuln.xml with 1553091449 and 1553110190
86400
19341
Database fetched: Wed Mar 20 14:17:29 UTC 2019

jail: ioc-dbclone
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/dbclone/root/var/db/pkg/vuln.xml with 1553091450 and 1553110191
86400
19341
Database fetched: Wed Mar 20 14:17:30 UTC 2019

jail: ioc-bacula-sd-01
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/bacula-sd-01/root/var/db/pkg/vuln.xml with 1553091450 and 1553110191
86400
19341
Database fetched: Wed Mar 20 14:17:30 UTC 2019

jail: ioc-pg10
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/pg10/root/var/db/pkg/vuln.xml with 1553091451 and 1553110191
86400
19340
Database fetched: Wed Mar 20 14:17:31 UTC 2019

jail: ioc-pg11
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/pg11/root/var/db/pkg/vuln.xml with 1553091451 and 1553110191
86400
19340
Database fetched: Wed Mar 20 14:17:31 UTC 2019
perl5-5.26.3: Tag: expiration_date Value: 2020-05-31
perl5-5.26.3: Tag: deprecated Value: Support ends three years after .0 release, please upgrade to a more recent version of Perl

jail: ioc-pg94
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/pg94/root/var/db/pkg/vuln.xml with 1553091451 and 1553110191
86400
19340
Database fetched: Wed Mar 20 14:17:31 UTC 2019

jail: ioc-pg95
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/pg95/root/var/db/pkg/vuln.xml with 1553091452 and 1553110191
86400
19339
Database fetched: Wed Mar 20 14:17:32 UTC 2019

jail: ioc-pg96
******************************************* starting
rc is 0
rc is 0
rc is 0
auditfile is /iocage/jails/pg96/root/var/db/pkg/vuln.xml with 1553091452 and 1553110191
86400
19339
Database fetched: Wed Mar 20 14:17:32 UTC 2019