Skip to main content
Warning: You are using the test version of PyPI. This is a pre-production deployment of Warehouse. Changes made here affect the production instance of TestPyPI (
Help us improve Python packaging - Donate today!

Check FreeBSD pkg audit Nagios|Icinga|shinken|etc plugin.

Project Description


This check runs pkg audit over your host and its running jails

sample outputs :

  • Ok

    CHECKPKGAUDIT OK - 0 vulnerabilities found ! | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0
  • Critical

    Critical state is reached with first vulnerable pkg. No warning, no configurable threasold, why waiting 2 or more vulnerabilities ?

    We are talking about security vulnerabilities !

    Of course, the plugin sum all the vulnerabilities and details each host|jail concerned

    CHECKPKGAUDIT CRITICAL - found 2 vulnerable(s) pkg(s) in : ns2, ns3 | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=1;;@1:;0 ns3=1;;@1:;0 smtp=0;;@1:;0

    Notice that summary returns the total amount problems :

    found 2 vulnerable(s) pkg(s) in : ns2, ns3 but performance data is detailled by host|jail

  • Unknown

    if an error occured during pkg audit, the plugin raises a check error, which returns an UNKNOWN state.

    typically UNKNOWN causes

    • pkg audit -F has not been runned on host or a jail
    CHECKPKGAUDIT UNKNOWN - jailname  Try running 'pkg audit -F' first | 'host.domain.tld'=0;;@1:;0 http=0;;@1:;0 masterdns=0;;@1:;0 ns0=0;;@1:;0 ns1=0;;@1:;0 ns2=0;;@1:;0 smtp=0;;@1:;0
    • pkg -j jailname audit runned as a non sudoer user
    CHECKPKGAUDIT UNKNOWN - jailname pkg: jail_attach(jailname): Operation not permitted | 'host.domain.tld'=0;;@1:;0

    If you have running jails, sudo is your friend to run this plugin with an unprivileged user. A sample config here

    icinga ALL = NOPASSWD: /usr/local/bin/check_pkgaudit


easy_install | pip within or not a virtualenv:

easy_install | pip install checkpkgaudit

check_pkgaudit is located at /usr/local/bin/check_pkgaudit


If you encountered an ssl certificate error with easy_install

pkg install -y ca_root_nss
ln -s /usr/local/share/certs/ca-root-nss.crt /etc/ssl/cert.pem

Nagios|icinga like configuration

check_pkgaudit could be called localy or remotely via check_by_ssh or NRPE.


here a sample definition to check remotely by ssh

Command definition

define command{
    command_name    check_ssh_pkgaudit
    command_line    $USER1$/check_by_ssh -H $HOSTADDRESS$ -i /var/spool/icinga/.ssh/id_rsa -C "sudo /usr/local/bin/check_pkgaudit"

the service itself

define service{
    use                     my-service
    host_name               hostname
    service_description     pkg audit
    check_command           check_ssh_pkgaudit!


add this line to /usr/local/etc/nrpe.cfg


nagios command definition

define command{
    command_name    check_nrpe_pkgaudit
    command_line    $USER1$/check_nrpe -H $HOSTADDRESS$ -c check_pkgaudit

the service itself

define service{
    use                     my-service
    host_name               hostname
    service_description     pkg audit
    check_command           check_nrpe_pkgaudit


bin/buildout -N

0.6 (2016-03-14)

  • add exclusion for hastd thanks voileux

0.5 (2016-03-11)

  • add support for jails with different jail- and hostnames, thanks StbX

0.4 (2015-03-21)

  • improve README with possible pypi ssl certificate problem, provide a workaround

0.3 (2015-03-21)

  • fix install README typo – Nicolas RAHIR nox
  • add NRPE conf sample – Nicolas RAHIR nox

0.2 (2015-03-06)

  • fix badges

0.1 (2015-03-06)

  • Jean-Philippe Camguilhem <>


Simon RECHER voileux

Steffen Brandemann StbX

Nicolas RAHIR nox

Jean-Philippe Camguilhem, Author

Release History

Release History

History Node


History Node


History Node


This version
History Node


History Node


History Node


History Node


History Node


History Node


History Node


Download Files

Download Files

Download the file for your platform. If you're not sure which to choose, learn more about installing packages.

File Name & Checksum SHA256 Checksum Help Version File Type Upload Date (16.1 kB) Copy SHA256 Checksum SHA256 Source Mar 14, 2016

Supported By

WebFaction WebFaction Technical Writing Elastic Elastic Search Pingdom Pingdom Monitoring Dyn Dyn DNS Sentry Sentry Error Logging CloudAMQP CloudAMQP RabbitMQ Heroku Heroku PaaS Kabu Creative Kabu Creative UX & Design Fastly Fastly CDN DigiCert DigiCert EV Certificate Rackspace Rackspace Cloud Servers DreamHost DreamHost Log Hosting