It mysteriously started working again. So, I am using 2014Q1 dataset and ‘pkg_admin audit’ already reports several vulnerabilities in standard stack (mysql, php, http…). I don’t know the severity of each of them, I assume these aren’t critical since these aren’t getting fixed?
Or is the expectation these would be fixed since that is the latest dataset? Being able to see what’s vulnerable with pkg_admin is nice but I think it’s a necessity to have a maintained dataset for longer periods of time. It’s tough to ask clients and tell them to re-provision all the time. On Jun 24, 2014, at 9:26 PM, Anil Jangity via smartos-discuss <[email protected]> wrote: > >> It's worth noting at this point that pkgsrc has native support for >> reporting on vulnerable packages. We have a pkgsrc security team who >> maintain a file containing all known vulnerabilities, and it is >> matched against the packages you have installed. To use it, run: >> >> $ pkg_admin fetch-pkg-vulnerabilities >> $ pkg_admin audit > > > Any idea why this isn’t working? > > [root@null ~]# pkg_admin -v fetch-pkg-vulnerabilities > pkg_admin: Could not fetch vulnerability file: Network is unreachable > [root@null ~]# > > [root@null ~]# ping google.com > google.com is alive > [root@null ~]# > > > > > > ------------------------------------------- > smartos-discuss > Archives: https://www.listbox.com/member/archive/184463/=now > RSS Feed: https://www.listbox.com/member/archive/rss/184463/22338985-90400dfa > Modify Your Subscription: https://www.listbox.com/member/?&; > Powered by Listbox: http://www.listbox.com ------------------------------------------- smartos-discuss Archives: https://www.listbox.com/member/archive/184463/=now RSS Feed: https://www.listbox.com/member/archive/rss/184463/25769125-55cfbc00 Modify Your Subscription: https://www.listbox.com/member/?member_id=25769125&id_secret=25769125-7688e9fb Powered by Listbox: http://www.listbox.com
