Bug 223716 - [NEW PORT] sysutils/base-audit Periodic script to check base for vulnerabilities
Status: Closed FIXED
Alias: None
Product: Ports & Packages
Classification: Unclassified
Component: Individual Port(s)
Version: Latest
Hardware: Any Any
: --- Affects Only Me
Assignee: Mark Felder
 
Reported: 2017-11-16 23:34 UTC by Miroslav Lachman
Modified: 2017-12-10 16:00 UTC (History)

Attachments
sysutils/base-audit shar (8.39 KB, text/plain)
2017-11-16 23:34 UTC, Miroslav Lachman
poudriere testport build log (11.27 KB, text/plain)
2017-11-16 23:35 UTC, Miroslav Lachman

Description Miroslav Lachman 2017-11-16 23:34:36 UTC
Created attachment 188060
sysutils/base-audit shar

Mark Felder created VuXML entries for FreeBSD base about a year ago so we can check vulnerabilities based on version returned by freebsd-version.

We discussed it here
https://lists.freebsd.org/pipermail/freebsd-security/2016-August/009049.html
https://lists.freebsd.org/pipermail/freebsd-security/2016-September/009064.html

Mark was talking about creating a port but I can't find any.

I already submitted PR 212306 with patch for ports-mgmt/pkg to include this periodic script but it was left without any attention for more than one year. That's why I created this simple port just to install one periodic file:
  405.pkg-base-audit


Example of output e-mail by daily security periodic:

Checking for security vulnerabilities in base (userland & kernel):
Host system:
vulnxml file up-to-date
FreeBSD-10.3_3 is vulnerable:
libarchive -- multiple vulnerabilities
CVE: CVE-2015-2304
CVE: CVE-2013-0211
WWW: https://vuxml.FreeBSD.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html

FreeBSD-10.3_3 is vulnerable:
FreeBSD -- Heap vulnerability in bspatch
CVE: CVE-2014-9862
WWW: https://vuxml.FreeBSD.org/freebsd/7d4f4955-600a-11e6-a6c3-14dae9d210b8.html
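Added example, not the port's 405.pkg-base-audit script and not code from this bug: a POSIX sh sketch that turns the report format quoted in the description into one record per finding, so the daily mail can feed a ticket queue or a monitoring check. The function names and the freebsd-version to FreeBSD-X.Y_N mapping are assumptions inferred from the sample output; the sample report is copied from the description.

```shell
#!/bin/sh
# Added example; function names are hypothetical, not part of sysutils/base-audit.

# Map a freebsd-version(1) string to the name form seen in the report,
# e.g. 10.3-RELEASE-p3 -> FreeBSD-10.3_3 (mapping assumed from the sample output).
# Returns 1 for anything that is not a RELEASE version (STABLE, CURRENT, ...).
base_pkgname() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+-RELEASE(-p[0-9]+)?$' || return 1
    printf '%s\n' "$1" | sed -e 's/-RELEASE-p/_/' -e 's/-RELEASE$//' -e 's/^/FreeBSD-/'
}

# Read a report on stdin; print "name|title|CVE,CVE,...|url" per finding.
parse_base_audit() {
    awk '
        function emit() {
            if (pkg != "") printf "%s|%s|%s|%s\n", pkg, title, cves, url
            pkg = title = cves = url = ""
        }
        { sub(/^[ \t]+/, "") }            # tolerate indented mail bodies
        / is vulnerable:$/ { emit(); pkg = $1; want_title = 1; next }
        want_title         { title = $0; want_title = 0; next }
        /^CVE: /           { cves = cves (cves ? "," : "") $2; next }
        /^WWW: /           { url = $2; next }
        END                { emit() }
    '
}

# Sample input: the report text quoted in the description above.
SAMPLE_REPORT='Checking for security vulnerabilities in base (userland & kernel):
Host system:
vulnxml file up-to-date
FreeBSD-10.3_3 is vulnerable:
libarchive -- multiple vulnerabilities
CVE: CVE-2015-2304
CVE: CVE-2013-0211
WWW: https://vuxml.FreeBSD.org/freebsd/7c63775e-be31-11e5-b5fe-002590263bf5.html

FreeBSD-10.3_3 is vulnerable:
FreeBSD -- Heap vulnerability in bspatch
CVE: CVE-2014-9862
WWW: https://vuxml.FreeBSD.org/freebsd/7d4f4955-600a-11e6-a6c3-14dae9d210b8.html'

# Print the findings that apply to a host reporting 10.3-RELEASE-p3.
name=$(base_pkgname 10.3-RELEASE-p3)
printf '%s\n' "$SAMPLE_REPORT" | parse_base_audit | grep "^$name|"
```

On a real host the first argument would come from `freebsd-version -u` (userland) or `freebsd-version -k` (kernel).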
Comment 1 Miroslav Lachman 2017-11-16 23:35:43 UTC
Created attachment 188061
poudriere testport build log
Comment 2 Mark Felder freebsd_committer freebsd_triage 2017-12-10 16:00:53 UTC
Committed with minor changes in https://svnweb.freebsd.org/ports?view=revision&revision=455902