Search Exchange

Search All Sites

Nagios Live Webinars

Let our experts show you how Nagios can help your organization.

Contact Us

Phone: 1-888-NAGIOS-1
Email: sales@nagios.com

Login

Remember Me

check_portaudit

Rating
1 vote
Favoured:
0
Hits
90448
Files:
FileDescription
check_portaudit.tar.gzVersion 0.5.1
Network Monitoring Software - Download Nagios XI
Log Management Software - Nagios Log Server - Download
Netflow Analysis Software - Nagios Network Analyzer - Download
Nagios plugin designed to monitor vulnerable and/or obsolete packages installed on a FreeBSD system.
This plugin relies on portaudit and/or portupgrade packages to be installed on your FreeBSD system. With these packages installed, the plugin will scan your system for either vulnerable packages, or obsolete packages - and display appropriate warnings to Nagios.
Portaudit can also be successfully run remotely from nrpe, and does not require superuser privileges to operate.


Usage: check_portaudit (security/updates) (show/noshow) database age limit (days)
Example: check_portaudit security show 3

COMMANDS
security - run portaudit and displays vulnerable packages. (Requires "portaudit" installation.)
updates - runs portversion and lists packages which need updating. (Requires "portupgrade" installation.)

You can choose whether to show or not show vulnerable/old packages by name. The message line may be incredibly huge if you have a lot of old/vulnerable packages, so using "noshow" you are guaranteed a single line of text.

DISPLAY
show - shows all packages by name when vulnerable/obsolete packages detected
noshow - do not show package names. Simply display number of packages detected

DATABASE AGE LIMIT
The database age limit option will produce CRITICAL errors by default if either the portaudit database or the ports tree is older than a certain number of days. If this argument is not specified, the default will be 7 days.

WARNINGS will be delivered should old/vulnerable packages be discovered otherwise you will get an OK result.

It is STRONGLY recommended that you update your ports database to maintain accurate information. A cronjob will easily accomplish this as superuser. A portaudit install will automatically add a periodic cronjob to update its database - and assuming an ever present internet connection, you won't need to worry about updating it.

Updating portsdb (in addition to syncing the ports tree) :-

# portsdb -Fu

Updating portaudit manually:-

# portaudit -F
Reviews (1)
The old pkg_ tools are no longer maintained and this script doesn't work with pkgng. I have an updated version here: http://www.tnpi.net/computing/freebsd/check_portaudit.pl