pkg audit and fib

I use periodic from the host to check packages for vulnerabilities.
Code:
daily_status_security_pkgaudit_enable="YES"
daily_status_security_pkgaudit_jails="*"
However, for jails that operating with custom routing table, i receive
Code:
pkg: http://vuxml.freebsd.org/freebsd/vuln.xml.bz2: No address record
pkg: cannot fetch vulnxml file
jail.conf
Code:
mail {
 ip4.addr = "em2|10.0.4.2/32";
 exec.fib = 1;
}
How can I audit this jail's packages?
 
What I do is to fetch the file /var/db/pkg/vuln.xml once and copy it to each jail. For this you would need to modify the default script or invoke a new one. I run the code below via cron(8).
Code:
#!/bin/sh

# Run pkg audit -F
echo "Host system"
echo "-----------"
/usr/sbin/pkg audit -F
# Do in the jails
for jail in $(/usr/sbin/jls jid); do
Path=$(/usr/sbin/jls -j $jail path)
# Compare the vuln.xml file with the file
# in the jails.
if ! test ${Path}/var/db/pkg/vuln.xml -nt /var/db/pkg/vuln.xml
then
# Update if is does not exist or is older than the host version
echo "Update vuln.xml in jail"
cp /var/db/pkg/vuln.xml ${Path}/var/db/pkg/vuln.xml
fi
# Finally run the audit in the jails
echo
echo Jail $(/usr/sbin/jls -j $jail name)
echo "---------"
/usr/sbin/pkg -j $jail audit
done
In my case the result is send my mail as all stuff from crontab(5), you might need to find a different way. May be this is an idea, may be not.
 
Back
Top