Bugs in daily security output
Autumn Jolitz
autumn.jolitz at gmail.com
Wed Oct 5 08:19:01 PDT 2022
I’ve recently set up an operational mail server and now have been able to receive the previously ignored messages output by cron.
Of note, I saw inside the daily security email the following bugs:
> Checking for security vulnerabilities in base (userland & kernel):
> /usr/local/etc/periodic/security/405.pkg-base-audit: freebsd-version: not found
> Database fetched: Mon Oct 3 05:02:29 PDT 2022
> sysctl: unknown oid 'security.jail.jailed'
> [: =: unexpected operator
> /snip
This is on a DragonFly v6.2.1.6.gb08a68-RELEASE system.
To recap:
- ``freebsd-version`` is still referenced by ``/usr/local/etc/periodic/security/405.pkg-base-audit``
- security audit script references a non-existent systctl key
- the `[` operation that references said sysctl lacks a value to make the string real, which is normally handled by an adjacent placeholder value like ``[ "x$(command)" = "x1" ]`` which ensures the left operand is real for handing to the infix operator.
I don’t have a bugs.dragonfly account so I am unable to file a ticket for this. If there was a github like DPorts has, I’d file it there.
Autumn
More information about the Users
mailing list