pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

[pkgsrc/trunk]: pkgsrc/doc/guide/files Use the path pkg_admin is installed in...

details:   https://anonhg.NetBSD.org/pkgsrc/rev/fb932f8b494c
branches:  trunk
changeset: 356887:fb932f8b494c
user:      sevan <sevan%pkgsrc.org@localhost>
date:      Sat Jan 07 03:28:38 2017 +0000

description:
Use the path pkg_admin is installed in when bootstrapped from pkgsrc, not natively on NetBSD.
Add a cron job to run the audit in the example.
Direct NetBSD users to the fetch_pkg_vulnerabilities & check_pkg_vulnerabilities instead.

diffstat:

 doc/guide/files/using.xml |  25 +++++++++++++++++--------
 1 files changed, 17 insertions(+), 8 deletions(-)

diffs (43 lines):

diff -r 2611680dac59 -r fb932f8b494c doc/guide/files/using.xml
--- a/doc/guide/files/using.xml Sat Jan 07 03:22:18 2017 +0000
+++ b/doc/guide/files/using.xml Sat Jan 07 03:28:38 2017 +0000
@@ -1,4 +1,4 @@
-<!-- $NetBSD: using.xml,v 1.41 2017/01/07 02:25:24 sevan Exp $ -->
+<!-- $NetBSD: using.xml,v 1.42 2017/01/07 03:28:38 sevan Exp $ -->
 
 <chapter id="using"> <?dbhtml filename="using.html"?>
 <title>Using pkgsrc</title>
@@ -174,17 +174,26 @@
       to the root users &man.crontab.5; entry.  For example the entry
       <screen>
 # download vulnerabilities file
-0 3 * * * /usr/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
+0 3 * * * /usr/pkg/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
+# audit the installed packages and email results to root
+9 3 * * * /usr/pkg/sbin/pkg_admin auit |mail -s "Installed package audit result" root >/dev/null 2>&1
       </screen>
-      will update the vulnerability list every day at 3AM. You may wish to do
-      this more often than once a day.
+      will update the vulnerability list every day at 3AM, followed by an audit
+      at 3:09AM. The result of the audit are then emailed to root.
 
-      In addition, you may wish to run the package audit from the daily
-      security script.  This may be accomplished by adding the following
-      line to <filename>/etc/security.local</filename>:
+      On NetBSD this may be accomplished instead by adding the following
+      line to <filename>/etc/daily.conf</filename>:
       <screen>
-/usr/sbin/pkg_admin audit
+fetch_pkg_vulnerabilities=YES
       </screen>
+      to fetch the vulnerability list from the daily security script. The system
+      is set to audit the packages by default but can be set explicitly, if
+      desired (not required), by adding the follwing line to
+<filename>/etc/security.conf</filename>:
+      <screen>
+check_pkg_vulnerabilities=YES
+      </screen>
+      see &man.daily.conf.5; and &man.security.conf.5; for more details.
     </para>
   </sect2>
Home | Main Index | Thread Index | Old Index