[pkgsrc/trunk]: pkgsrc/pkgtools/pkg_install Update message to match the "Chec...

[sevan <sevan%pkgsrc.org@localhost>]

details:   https://anonhg.NetBSD.org/pkgsrc/rev/c33cde2b26de
branches:  trunk
changeset: 356963:c33cde2b26de
user:      sevan <sevan%pkgsrc.org@localhost>
date:      Mon Jan 09 07:01:33 2017 +0000

description:
Update message to match the "Checking for security vulnerabilities in installed packages"
section in the pkgsrc guide.

diffstat:

 pkgtools/pkg_install/MESSAGE |  42 ++++++++++++++++++++----------------------
 1 files changed, 20 insertions(+), 22 deletions(-)

diffs (54 lines):

diff -r c9bbfd4b2ca0 -r c33cde2b26de pkgtools/pkg_install/MESSAGE
--- a/pkgtools/pkg_install/MESSAGE      Mon Jan 09 05:03:51 2017 +0000
+++ b/pkgtools/pkg_install/MESSAGE      Mon Jan 09 07:01:33 2017 +0000
@@ -1,30 +1,28 @@
 ===========================================================================
-$NetBSD: MESSAGE,v 1.6 2014/12/05 14:31:07 schmonz Exp $
+$NetBSD: MESSAGE,v 1.7 2017/01/09 07:01:33 sevan Exp $
 
-You may wish to have the vulnerabilities file downloaded daily so that
-it remains current.  This may be done by adding an appropriate entry
-to a user's crontab(5) entry.  For example the entry
-
-# download vulnerabilities file
-0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
-
-will update the vulnerability list every day at 3AM. You may wish to do
-this more often than once a day.
+You may wish to have the vulnerabilities file downloaded daily so that it
+remains current. This may be done by adding an appropriate entry to the root
+users crontab(5) entry. For example the entry
 
-In addition, you may wish to run the package audit from the daily
-security script.  This may be accomplished by adding the following
-lines to /etc/security.local
+# Download vulnerabilities file
+0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
+# Audit the installed packages and email results to root
+9 3 * * * ${PREFIX}/sbin/pkg_admin audit |mail -s "Installed package audit result" \
+           root >/dev/null 2>&1
+      
+will update the vulnerability list every day at 3AM, followed by an audit at
+3:09AM. The result of the audit are then emailed to root. On NetBSD this may be
+accomplished instead by adding the following line to /etc/daily.conf:
 
-if [ -x ${PREFIX}/sbin/pkg_admin ]; then
-        ${PREFIX}/sbin/pkg_admin audit
-fi
+fetch_pkg_vulnerabilities=YES
+      
+to fetch the vulnerability list from the daily security script. The system is
+set to audit the packages by default but can be set explicitly, if desired (not
+required), by adding the follwing line to /etc/security.conf:
 
-Alternatively this can also be acomplished by adding an entry to a user's
-crontab(5) file. e.g.:
-
-# run audit-packages
-0 3 * * * ${PREFIX}/sbin/pkg_admin audit
-
+check_pkg_vulnerabilities=YES
+      
 Both pkg_admin subcommands can be run as as an unprivileged user,
 as long as the user chosen has permission to read the pkgdb and to write
 the pkg-vulnerabilities to ${PKGVULNDIR}.