From owner-freebsd-questions@FreeBSD.ORG Wed Jul 30 15:07:08 2014 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:1900:2254:206a::19:1]) (using TLSv1 with cipher ADH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id AD0161A3 for ; Wed, 30 Jul 2014 15:07:08 +0000 (UTC) Received: from smtp.infracaninophile.co.uk (smtp6.infracaninophile.co.uk [IPv6:2001:8b0:151:1:3cd3:cd67:fafa:3d78]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "smtp.infracaninophile.co.uk", Issuer "ca.infracaninophile.co.uk" (not verified)) by mx1.freebsd.org (Postfix) with ESMTPS id 590862A7F for ; Wed, 30 Jul 2014 15:07:08 +0000 (UTC) Received: from ox-dell39.ox.adestra.com (no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged)) (authenticated bits=0) by smtp.infracaninophile.co.uk (8.14.9/8.14.9) with ESMTP id s6UF70db060797 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES128-SHA bits=128 verify=NO) for ; Wed, 30 Jul 2014 16:07:01 +0100 (BST) (envelope-from matthew@freebsd.org) Authentication-Results: lucid-nonsense.infracaninophile.co.uk; dmarc=none header.from=freebsd.org DKIM-Filter: OpenDKIM Filter v2.9.2 smtp.infracaninophile.co.uk s6UF70db060797 Authentication-Results: smtp.infracaninophile.co.uk/s6UF70db060797; dkim=none reason="no signature"; dkim-adsp=none; dkim-atps=neutral X-Authentication-Warning: lucid-nonsense.infracaninophile.co.uk: Host no-reverse-dns.metronet-uk.com [85.199.232.226] (may be forged) claimed to be ox-dell39.ox.adestra.com Message-ID: <53D90A0A.3080103@freebsd.org> Date: Wed, 30 Jul 2014 16:06:50 +0100 From: Matthew Seaman User-Agent: Mozilla/5.0 (X11; FreeBSD amd64; rv:24.0) Gecko/20100101 Thunderbird/24.6.0 MIME-Version: 1.0 To: freebsd-questions@freebsd.org Subject: Re: pkg audit not working like portaudit References: In-Reply-To: X-Enigmail-Version: 1.6 Content-Type: multipart/signed; micalg=pgp-sha512; protocol="application/pgp-signature"; boundary="Xqv5gRvwSWSwNv998S7C2S7buOltfO0lp" X-Virus-Scanned: clamav-milter 0.98.4 at lucid-nonsense.infracaninophile.co.uk X-Virus-Status: Clean X-Spam-Status: No, score=-1.2 required=5.0 tests=AWL,BAYES_00,RDNS_NONE, URIBL_BLOCKED autolearn=no autolearn_force=no version=3.4.0 X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on lucid-nonsense.infracaninophile.co.uk X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.18 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Wed, 30 Jul 2014 15:07:08 -0000 This is an OpenPGP/MIME signed message (RFC 4880 and 3156) --Xqv5gRvwSWSwNv998S7C2S7buOltfO0lp Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: quoted-printable On 07/30/14 15:22, Aleksandr Miroslav wrote: > I used to be able to do something like this with portaudit in my cron j= obs: >=20 > portaudit > /dev/null || portaudit |mailx -s portaudit root >=20 > i.e. portaudit returned a non-zero value when there were vulnerabilitie= s. >=20 > I expected "pkg audit" to do the same, but apparently it always > returns zero. Is there some way to get the old portaudit behavior or > do I have to write a script to parse the output? Not indicating the presence of vulnerabilities in the return code of 'pkg audit' is certainly worth opening an issue at https://github.com/freebsd/pkg/issues However, try using: pkg audit -q which should not print anything unless it does find vulnerabilities, so by the usual cron logic, you'll only get an email when there's a problem.= There's also /usr/local/etc/periodic/security/410.pkg-audit which you can enable as a normal periodic(8) job. Cheers, Matthew --Xqv5gRvwSWSwNv998S7C2S7buOltfO0lp Content-Type: application/pgp-signature; name="signature.asc" Content-Description: OpenPGP digital signature Content-Disposition: attachment; filename="signature.asc" -----BEGIN PGP SIGNATURE----- Version: GnuPG v2 Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQJ8BAEBCgBmBQJT2QoUXxSAAAAAAC4AKGlzc3Vlci1mcHJAbm90YXRpb25zLm9w ZW5wZ3AuZmlmdGhob3JzZW1hbi5uZXQxOUYxNTRFQ0JGMTEyRTUwNTQ0RTNGMzAw MDUxM0YxMEUwQTlFNEU3AAoJEABRPxDgqeTnwAkP/RTggcmqF4mDBYpzOU+OUiWb q/OjIK9hmAi/aX1FZ57ot1vhCpn9tZyRQ5sxy6YQZMhRVn5agrAzKg2/tWMf/Atp qeX64HUlU8zPVbjk9tOOTKPomHAqy0pYmUAJGlm9ZnJ4w30o/SX/8abTT/s/6L8q KEP01rm9BgRTJB3verqAOtGOLC94YGIlVHtNfX1Ox9i1Z/yk3Qe2SHS6S6X7NuRG VkGcYhFRASCfTz1fCC1RgHtIv8FupLuemZU83JevugylZ/IHMpyFgGMFjvVr2F0t rDBopMFIw1aoK7GayuwK8uybgbRVMLsH5qJQjK5jzxtWasRv/TT1wuwLKcSHRRA3 p0hHtaBRO8o109J4TMX3gFKZ0d1d+81+Oiv+ItFPoma6KcA9nD4et8dqR+VvB4Gj 8LGwx6/jdEVLjGHZfehHZ6l6nxGFvjOwex0hfjKwdBsTLWiPMp6X6d04P/uJzFCK paRY4jfvZXH4ivho1txuS+X29ir9JgTgCa8crmCGvWT0vmNsjg6XGK7ImNeseyLT mGT2Pwnw1oEiNbjtmoJzC3hyeLXlbVb0ICND9VVbfRUU6x2UWTGK3gmc5xUJKeK2 VynQ4sMG9lwmg16BBvB61vpGLpr0u2gJEjfgBrBiahQd5B+TiMky04Nb4+w9+Oei AtRirRdxUKIjTR51E53j =u5d7 -----END PGP SIGNATURE----- --Xqv5gRvwSWSwNv998S7C2S7buOltfO0lp--