Bugs in daily security output

Stephen Welker stephen.welker at nemostar.com.au
Fri Oct 7 22:15:02 PDT 2022


+1, on the following (more details below)

On 6/10/2022 2:19 am, Autumn Jolitz wrote:
> I’ve recently set up an operational mail server and now have been able to receive the previously ignored messages output by cron.
> 
> Of note, I saw inside the daily security email the following bugs:
> 
>> Checking for security vulnerabilities in base (userland & kernel):
>> /usr/local/etc/periodic/security/405.pkg-base-audit: freebsd-version: not found
>> Database fetched: Mon Oct  3 05:02:29 PDT 2022
>> sysctl: unknown oid 'security.jail.jailed'
>> [: =: unexpected operator
>> /snip
> 
> This is on a DragonFly v6.2.1.6.gb08a68-RELEASE system.
> 
> To recap:
> - ``freebsd-version`` is still referenced by ``/usr/local/etc/periodic/security/405.pkg-base-audit``
> - security audit script references a non-existent systctl key
> - the `[` operation that references said sysctl lacks a value to make the string real, which is normally handled by an adjacent placeholder value like ``[ "x$(command)" = "x1" ]`` which ensures the left operand is real for handing to the infix operator.


I my case, I installed (via pkg) wireguard-tools-lite

then the security log started logging the following:

--- snip ---
Checking for security vulnerabilities in base (userland & kernel):
/usr/local/etc/periodic/security/405.pkg-base-audit: freebsd-version: 
not found
sysctl: unknown oid 'security.jail.jailed'
[: =: unexpected operator
Fetching vuln.xml.xz: .......... done
0 problem(s) in 0 installed package(s) found.
--- snip ---


This is on DragonFly v6.2.2.1.g68dce-RELEASE

-- 
regards,
Stephen Welker.



More information about the Users mailing list