[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [ezjail] re: (ezjail) updating ports for jails



George Donnelly wrote:
> 
> On May 11, 2007, at 10:08 AM, Dave wrote:
> 
>>    One thing, kind of unrelated, but i'll throw it out there. I've got
>> three jails, one host system, all run portupgrade i'd like to make a
>> script run by all, that runs portversion -l "<" which indicates any
>> updated port requirements, if that jail has any and only if it has any
>> it emails root, which i have all jails configured to send mail to the
>> central mailserver, which delivers it appropriately.
> 
> This is not exactly what you want, and you may already do this, but you
> may want to run jailaudit on your host. Not all available upgrades are
> critical, but the security ones are and jailaudit will only send you an
> email if there is a vulnerable installed port in one of your jails.
> 
> I run jailaudit from cron:
> 
> 21 04 * * 5 /usr/local/bin/jailaudit generate 2>&1 > /dev/null
> 21 05 * * 5 /usr/local/bin/jailaudit mail sys AT domain DOT com ALL

Just to mention it, if you install jailaudit it will be run by the daily
cronjobs (/usr/local/etc/periodic/security/410.jailaudit) and the output
will be attached to your normal daily "security run" mails.

greetings,
philipp