Daily email from Charlie Root

[bgroper]

Charlie keeps messaging me each day, with the following (or similar) :

Subject: freebsd13-desktop daily security run output

Checking for packages with security vulnerabilities:
Database fetched: Wed May 17 03:03:20 AEST 2023
py39-setuptools-63.1.0
xorg-server-21.1.7,1
db5-5.3.28_9: Tag: expiration_date Value: 2022-06-30
db5-5.3.28_9: Tag: deprecated Value: EOLd, potential security issues, maybe use db18 instead
qt5-webengine-5.15.8: Tag: deprecated Value: Uses Python 2.7 which is EOLed upstream

-- End of security output --

I appreciate Charlie's concern for the care and feeding of my FreeBSD system.
Please, is there anything/s I need to do, or should do, to alleviate Charlie's concerns ?
TIA's for any tips or clues.

 

[ralphbsz]

Yes, you should. This is a very valuable message. For each of the packages listed there, you should check whether you can upgrade it. If yes, do so, to close a potential security hole. If no, decide whether you want to uninstall the package, or whether you want take the risk of continuing to use it. Sadly, if you go for the last option (continue to use), I don't know a way to tell the daily package check to stop sending these messages, so just learn to ignore those where you feel you are not vulnerable.

 

[bgroper]

I've already done all the pkg update and pkg upgrade.

"Your packages are up to date."

 

[richardtoohey2]

Don't know about the bulk of them, but that Python setuptools has been hanging around for a while and I don't think there's an update available for it yet.

db5 is very old. Is it something that pkg autoremove deals with (please don't try it, I'm asking the forums!)

 

[Phishfry]

/usr/local/etc/periodic/security/410.pkg-audit

${security_status_pkgaudit_enable:=YES}

periodic.conf

man.freebsd.org

FreeBSD Periodic Scripts

FreeBSD provides a built-in mechanism for periodic scripts to report on the health of the system and perform various routine maintenance tasks. Learn how to take full advantage of the FreeBSD’s periodic system.

klarasystems.com

 

[bgroper]

Thanks, I'll do some more reading of the fine manual (RTFM), and keep searching for what I can do to help keep Charlie placated.
Meanwhile, I respect Charlie's wisdom, and appreciate his assistance with keeping my system running optimally.

 

[Phishfry]

I like to tie Charlie up and throw him in the closet.

/etc/rc.conf

cron_enable="NO"
sendmail_enable="NONE"
sendmail_submit_enable="NO"
sendmail_outbound_enable="NO"
sendmail_msp_queue_enable="NO"

 

[bgroper]

I like to tie Charlie up and throw him in the closet.

Charlie is welcome to become a trusted and valued member of our team. I'm not going to nuke him.

 

[dns.company]

I like to tie Charlie up and throw him in the closet.

But I presume you'd still desire access to his/her home.

 

[mer]

One can also set variables so the output of the scripts goes to a file instead of an email.

 

[bgroper]

One can also set variables so the output of the scripts goes to a file instead of an email.

That probably wouldn't work for me, because I'd never get around to viewing the file that Charlie had written.

 

[mer]

Charlie is just the messenger, others do the actual work.
Horses for courses and such.
The email works for a lot of people but one needs to either look at roots email, have it forwarded to a normal user or set the config to email it to not root.
The file config works for me just because I'm used to it.