xymon-ext-scripts

Check-in [ca78846c69]

Overview
Comment: Fix pkgaudit when run as non-root
SHA3-256: ca78846c691d64d4455c2ca26197ac7996295544353ee187e781b091e0c765f1
User & Date: feld@feld.me 2015-04-06 13:52:59
Context
2015-04-24 12:52 Add -r as default flag to pkg audit. This will print dependencies of the vulnerable package. (check-in: 171b1305de, user: feld@feld.me, tags: master, trunk)
2015-04-06 13:52 Fix pkgaudit when run as non-root (check-in: ca78846c69, user: feld@feld.me, tags: master, trunk)
2015-03-16 13:08 the COLOR export could get lost because of the subshell (check-in: de2a6e7bac, user: feld@feld.me, tags: master, trunk)
Changes

Changes to pkgaudit.sh.

Old version (lines 64-90):
# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# If PKGAUDIT_FORCEFETCH is enabled, pass -F flag and set VULNXML to a path where Xymon can write
[ ${PKGAUDIT_FORCEFETCH} = "YES" ] && FETCH="-F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"

# Run pkg audit and collect output for main host. Use -F always here.
# Jail checks below don't need -F as it was done here.
pkg-static audit ${FETCH} ${VULNXML} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')
		{ echo "" ;
		echo "##############################" ;
		echo "" ;
		echo "jail $(jexec ${i} hostname) pkg audit status" ;

		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit ${VULNXML} ; } > ${TMPFILE} || export NONGREEN=1
	done
fi

# Ingest all the pkg audit messages.
MSG=$(cat ${TMPFILE})

# NONGREEN was detected.







New version (lines 64-90):
# Build the pkg-audit message header for main host
echo "$(hostname) pkg audit status" >> ${TMPFILE}
echo "" >> ${TMPFILE}

# If PKGAUDIT_FORCEFETCH is enabled, pass -F flag and set VULNXML to a path where Xymon can write
[ ${PKGAUDIT_FORCEFETCH} = "YES" ] && FETCH="-F" && VULNXML="-f /usr/local/www/xymon/client/tmp/vuln.xml"

# Run pkg audit and collect output for main host

pkg-static audit ${FETCH} ${VULNXML} >> ${TMPFILE} || export NONGREEN=1

# Check if we should run on jails too. Grep removes poudriere jails.
if [ ${PKGAUDIT_JAILS} = "YES" ]; then
	for i in $(jls | sed '1d' | egrep -v "${PKGAUDIT_JAILGREP}" | awk '{print $1}'); do
		JAILROOT=$(jls -j ${i} -h path | sed '1d')
		{ echo "" ;
		echo "##############################" ;
		echo "" ;
		echo "jail $(jls -j ${i} -h name | sed '/name/d') pkg audit status" ;
		echo "" ;
		pkg-static -o PKG_DBDIR=${JAILROOT}/var/db/pkg audit ${VULNXML} ; } >> ${TMPFILE} || export NONGREEN=1
	done
fi

# Ingest all the pkg audit messages.
MSG=$(cat ${TMPFILE})

# NONGREEN was detected.
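
Review bot: In the new jail header line, `jls -j ${i} -h name | sed '/name/d'` removes the header by deleting every line that contains the string "name", so a jail whose own name contains it (for example "nameserver") ends up with an empty label in the report. Dropping `-h` avoids the header altogether: `jls -j ${i} name` prints only the value and needs no `sed`. Two behaviour changes in this hunk are also worth recording in the commit message, which mentions only the non-root fix: the label is now the jail name rather than the hostname reported inside the jail, and the redirect on the jail block changed from `> ${TMPFILE}` to `>> ${TMPFILE}`, which stops each jail's output from overwriting the host's results and those of earlier jails. `${JAILROOT}` and `${TMPFILE}` are expanded unquoted in that same command, so quoting them would guard against paths containing whitespace.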