Tracking base system and kernel updates/vulnerabilities
Anselm Strauss
amsibamsi at gmail.com
Thu Apr 17 06:20:04 UTC 2008
On Apr 15, 2008, at 20:28 , Lowell Gilbert wrote:
> Anselm Strauss <amsibamsi at gmail.com> writes:
>
>> is there a tool, like portaudit for the ports tree, to track updates
>> and/or vulnerabilities for the base system and the kernel? What I'm
>> looking for is a tool that will check my current installation against
>> a specific checkout of the CVS source and kernel trees considering a
>> specific CVS tag and inform me where my system is outdated and
>> vulnerable. I don't know if this is even possible by just having the
>> CVS trees ...
>>
>> For the kernel, is there something like a linear version number in
>> the
>> -STABLE branches? I noticed there's a pX in the kernel version for
>> release kernels. How do I for example compare the currentness of two
>> 7.0-STABLE kernels if I don't know from what source they were build?
>
> freebsd-update(8)
Yep, that's exactly what I was looking for (must have overlooked it).
Had some trouble until I noticed it will only work if the running
kernel has a -RELEASE tag in it's uname, but now I also see how this
works with the patch version.
I have 2 small questions left:
- Can I somehow determine the version of the base system without
running uname on the kernel (I could have a release base system but
run a stable kernel for example)? Sure, I could take the indirect way
over freebsd-update again, but is there some sort of version
information stored in the base system?
- Is there some list of all possible components in the base system? So
far I've seen src, kernel and world. Are there more?
Thanks,
Anselm
More information about the freebsd-questions
mailing list