Subject: pkg/27026: pkg audit in daily security check
To: None <>
From: Markus Illenseer <>
List: pkgsrc-bugs
Date: 09/24/2004 18:32:20
>Number:         27026
>Category:       pkg
>Synopsis:       Feature request
>Confidential:   no
>Severity:       serious
>Priority:       low
>Responsible:    pkg-manager
>State:          open
>Class:          change-request
>Submitter-Id:   net
>Arrival-Date:   Fri Sep 24 16:33:00 UTC 2004
>Originator:     Markus Illenseer
>Release:        NetBSD 2.0_BETA
System: NetBSD 2.0_BETA NetBSD 2.0_BETA (BEAVER) #1: Sat Sep 11 15:26:25 CEST 2004 i386
Architecture: i386
Machine: i386
The daily /etc/security script should optionally download the vulnerability list, then audit the packages and report the result in the security summary mail. Of course, only as an option configured in /etc/rc.conf, and only when packages are actually installed.

Example script:

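# Temporary file that collects the audit output
filename=`mktemp /tmp/audit.XXXXXX` || exit 1

download-vulnerability-list >/dev/null 2>&1
audit-packages >"${filename}" 2>&1

# Only send mail when the audit reported something
if test -s "${filename}" ; then
  mail -s "Audit Warning" root < "${filename}"
fi

rm -rf "${filename}" >/dev/null 2>&1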
 >SeveriTy:	non-critical
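
Added example, not part of the original report and not NetBSD's own /etc/security code: one way the requested check could be gated on a configuration knob and on packages being installed, with its output going into the security summary instead of a separate mail. The knob name audit_packages_enable is hypothetical, and PKG_DBDIR with a default of /var/db/pkg is an assumption.

```sh
#!/bin/sh
# Added illustration; not code from NetBSD's /etc/security.
# Assumed names: audit_packages_enable (hypothetical rc.conf-style knob),
# PKG_DBDIR (package database directory, assumed default /var/db/pkg).

# Succeeds when $1 is an rc.conf-style affirmative value.
is_yes() {
    case "$1" in
        [Yy][Ee][Ss]|[Tt][Rr][Uu][Ee]|[Oo][Nn]|1) return 0 ;;
    esac
    return 1
}

# Succeeds when the package database holds at least one package directory.
have_packages() {
    [ -d "$1" ] || return 1
    for entry in "$1"/*/; do
        [ -d "$entry" ] && return 0
    done
    return 1
}

# Prints the section to append to the security summary. Prints nothing when
# the check is disabled, no packages are installed, or nothing is reported.
pkg_audit_section() {
    is_yes "${audit_packages_enable:-NO}" || return 0
    have_packages "${PKG_DBDIR:-/var/db/pkg}" || return 0
    tmp=$(mktemp "${TMPDIR:-/tmp}/pkgaudit.XXXXXX") || return 1

    # A failed download is reported: otherwise an outdated list could make
    # the audit look clean.
    stale=""
    download-vulnerability-list >/dev/null 2>&1 || stale=yes

    # audit-packages may exit non-zero when it has findings; keep going.
    audit-packages >"$tmp" 2>&1 || :

    if [ -n "$stale" ] || [ -s "$tmp" ]; then
        echo "Checking installed packages for known vulnerabilities:"
        [ -z "$stale" ] || echo "  (vulnerability list download failed; list may be stale)"
        cat "$tmp"
    fi
    rm -f "$tmp"
}

pkg_audit_section
```

With the knob unset the function prints nothing, so the final call is a no-op until the check is switched on.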