{"id":15680890,"url":"https://github.com/jpcw/checkpkgaudit","last_synced_at":"2025-05-07T11:21:23.965Z","repository":{"id":28171084,"uuid":"31672349","full_name":"jpcw/checkpkgaudit","owner":"jpcw","description":"Check FreeBSD pkg audit Nagios|Icinga|shinken|etc plugin.","archived":false,"fork":false,"pushed_at":"2020-07-29T18:09:57.000Z","size":52,"stargazers_count":11,"open_issues_count":2,"forks_count":8,"subscribers_count":2,"default_branch":"master","last_synced_at":"2025-03-31T09:37:21.237Z","etag":null,"topics":["centreon","freebsd","icinga","nagios","pkg","python","shinken"],"latest_commit_sha":null,"homepage":null,"language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":null,"status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/jpcw.png","metadata":{"files":{"readme":"README.rst","changelog":null,"contributing":null,"funding":null,"license":null,"code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null}},"created_at":"2015-03-04T18:18:32.000Z","updated_at":"2025-01-22T11:46:54.000Z","dependencies_parsed_at":"2022-09-14T06:11:14.358Z","dependency_job_id":null,"html_url":"https://github.com/jpcw/checkpkgaudit","commit_stats":null,"previous_names":[],"tags_count":9,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpcw%2Fcheckpkgaudit","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpcw%2Fcheckpkgaudit/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpcw%2Fcheckpkgaudit/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/jpcw%2Fcheckpkgaudit/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/jpcw","download_url":"https://codeload.github.com/jpcw/checkpkgaudit/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":252866118,"owners_count":21816396,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["centreon","freebsd","icinga","nagios","pkg","python","shinken"],"created_at":"2024-10-03T16:45:45.045Z","updated_at":"2025-05-07T11:21:23.941Z","avatar_url":"https://github.com/jpcw.png","language":"Python","readme":"\n==========================================================\nCheck FreeBSD pkg audit Nagios|Icinga|shinken|etc plugin.\n==========================================================\n\n.. image:: https://img.shields.io/pypi/l/checkpkgaudit.svg\n    :target: https://pypi.python.org/pypi/checkpkgaudit/\n\n.. image:: https://img.shields.io/pypi/implementation/checkpkgaudit.svg\n    :target: https://pypi.python.org/pypi/checkpkgaudit/\n\n.. image:: https://img.shields.io/pypi/pyversions/checkpkgaudit.svg\n    :target: https://pypi.python.org/pypi/checkpkgaudit/\n\n.. image:: https://img.shields.io/pypi/v/checkpkgaudit.svg\n      :target: https://pypi.python.org/pypi/checkpkgaudit/\n\n.. image:: https://img.shields.io/pypi/status/checkpkgaudit.svg\n    :target: https://pypi.python.org/pypi/checkpkgaudit/\n\n.. image:: https://img.shields.io/coveralls/jpcw/checkpkgaudit.svg\n      :target: https://coveralls.io/r/jpcw/checkpkgaudit\n\n.. image:: https://api.travis-ci.org/jpcw/checkpkgaudit.svg?branch=master\n      :target: http://travis-ci.org/jpcw/checkpkgaudit\n\n+ Source: https://github.com/jpcw/checkpkgaudit\n\n+ Bugtracker: https://github.com/jpcw/checkpkgaudit/issues\n\n.. contents::\n\nusage\n-------\n\nThis check runs pkg audit over your host and its running jails\n\nsample outputs :\n\n+ Ok\n    \n    ::\n      \n      CHECKPKGAUDIT OK - 0 vulnerabilities found ! | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0\n    \n\n+ Critical\n    \n    Critical state is reached with first vulnerable pkg. No warning, no configurable threasold, why waiting 2 or more vulnerabilities ?\n \n    We are talking about security vulnerabilities !\n    \n    Of course, the plugin sum all the vulnerabilities and details each host|jail concerned\n\n    \n    ::\n      \n      CHECKPKGAUDIT CRITICAL - found 2 vulnerable(s) pkg(s) in : ns2, ns3 | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=1;;@1:;0 ns3=1;;@1:;0 smtp=0;;@1:;0\n    \n    Notice that summary returns the total amount problems :\n    \n    found **2** vulnerable(s) pkg(s) in : **ns2, ns3** but performance data is detailled by host|jail\n\n+ Unknown\n    \n    if an error occured during pkg audit, the plugin raises a check error, which returns an UNKNOWN state.\n    \n    typically UNKNOWN causes\n    \n        + *pkg audit -F* has not been runned on host or a jail\n        \n        ::\n          \n          CHECKPKGAUDIT UNKNOWN - jailname  Try running 'pkg audit -F' first | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0\n        \n        + *pkg -j jailname audit* runned as a non sudoer user\n        \n        ::\n          \n          CHECKPKGAUDIT UNKNOWN - jailname pkg: jail_attach(jailname): Operation not permitted | 'host.domain.tld'=0;;@1:;0\n        \n        If you have running jails, sudo is your friend to run this plugin with an unprivileged user. A sample config here ::\n          \n          icinga ALL = NOPASSWD: /usr/local/bin/check_pkgaudit\n          \n\nInstall\n------------\n\n**checkpkgaudit** can be installed via \neither **easy_install** or **pip** .\n\nWithin or not a virtualenv:\n\n.. code-block:: console    \n\n    easy_install checkpkgaudit \n    # or\n    pip install checkpkgaudit\n\n**check_pkgaudit** is located at /usr/local/bin/check_pkgaudit\n\n.. warning:: SSL certificate error\n\n    If you encountered an ssl certificate error with easy_install,\n    you probably need to install the Root certificate bundle \n    from the Mozilla Project:\n\n.. code-block:: console\n  \n  pkg install -y ca_root_nss\n  ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem\n\n\nNagios|icinga like configuration\n-----------------------------------\n\n**check_pkgaudit** could be called localy or remotely \nvia **check_by_ssh** or **NRPE**.\n\n**check_by_ssh**\n\nhere a sample definition to check remotely by ssh \n\nCommand definition ::\n    \n    define command{\n        command_name    check_ssh_pkgaudit\n        command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -i /var/spool/icinga/.ssh/id_rsa -C \"sudo /usr/local/bin/check_pkgaudit\"\n    }\n\nthe service itself ::\n    \n    define service{\n        use                     my-service\n        host_name               hostname\n        service_description     pkg audit\n        check_command           check_ssh_pkgaudit!\n    }\n    \nicinga2 command ::\n    \n\tobject CheckCommand \"pkgaudit\" {\n        import \"plugin-check-command\"\n        import \"ipv4-or-ipv6\"\n        command = [ PluginDir + \"/check_by_ssh\" ]\n        arguments = {\n            \"-H\" = \"$address$\"\n            \"-i\" = \"$ssh_id$\"\n            \"-p\" = \"$ssh_port$\"\n            \"-C\" = \"$ssh_command$\"\n    \t    }\n        vars.address = \"$check_address$\"\n        vars.ssh_id = \"/var/spool/icinga/.ssh/id_rsa\"\n        vars.ssh_port = \"$vars.ssh_port$\"\n        vars.ssh_command = \"sudo /usr/local/bin/check_pkgaudit\"\n\t}\n\nicinga2 service ::\n\t\n\tapply Service \"pkgaudit\" {\n  \t    check_command = \"pkgaudit\"\n  \t    assign where host.name == \"hostname\"\n\t}\n    \n\n**NRPE**\n\nadd this line to /usr/local/etc/nrpe.cfg ::\n     \n    ...\n    command[check_pkgaudit]=/usr/local/bin/check_pkgaudit\n    ...\n\nnagios command definition ::\n    \n    define command{\n        command_name    check_nrpe_pkgaudit\n        command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_pkgaudit\n    }\n\nthe service itself ::\n    \n    define service{\n        use                     my-service\n        host_name               hostname\n        service_description     pkg audit\n        check_command           check_nrpe_pkgaudit\n    }   \n\ntesting\n---------\n\n.. code-block:: shell\n\n    python bootstrap-buildout.py --setuptools-version=33.1.1 --buildout-version=2.5.2\n    bin/buildout -N\n    bin/test\n\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpcw%2Fcheckpkgaudit","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjpcw%2Fcheckpkgaudit","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjpcw%2Fcheckpkgaudit/lists"}