pkgsrc-Changes-HG archive
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
[pkgsrc/trunk]: pkgsrc/doc/guide/files Stop describing audit-packages, descri...
details: https://anonhg.NetBSD.org/pkgsrc/rev/cd1534b971b2
branches: trunk
changeset: 393829:cd1534b971b2
user: wiz <wiz%pkgsrc.org@localhost>
date: Thu May 28 09:29:30 2009 +0000
description:
Stop describing audit-packages, describe pkg_admin commands instead.
Requested by joerg.
diffstat:
doc/guide/files/using.xml | 37 ++++++++++++++++++++++++-------------
1 files changed, 24 insertions(+), 13 deletions(-)
diffs (73 lines):
diff -r 8addc8b50d81 -r cd1534b971b2 doc/guide/files/using.xml
--- a/doc/guide/files/using.xml Thu May 28 08:59:59 2009 +0000
+++ b/doc/guide/files/using.xml Thu May 28 09:29:30 2009 +0000
@@ -1,4 +1,4 @@
-<!-- $NetBSD: using.xml,v 1.35 2008/03/04 02:39:37 jschauma Exp $ -->
+<!-- $NetBSD: using.xml,v 1.36 2009/05/28 09:29:30 wiz Exp $ -->
<chapter id="using"> <?dbhtml filename="using.html"?>
<title>Using pkgsrc</title>
@@ -99,7 +99,7 @@
other packages depend on it. Instead, they are moved to the
<filename>vulnerable</filename> subdirectory. So you may need to add
this directory to the <varname>PKG_PATH</varname> variable.
- However, you should run <command>audit-packages</command>
+ However, you should run <command>pkg_admin audit</command>
regularly, especially after installing new packages, and verify
that the vulnerabilities are acceptable for your configuration.</para>
@@ -155,18 +155,18 @@
</para>
<para>
- Through <filename role="pkg">security/audit-packages</filename>,
+ Through <command>pkg_admin fetch-pkg-vulnerabilities</command>,
this list can be downloaded
automatically, and a security audit of all packages installed on a system
can take place.
</para>
<para>
- There are two components to
- <filename role="pkg">security/audit-packages</filename>. The first
- component, <quote>download-vulnerability-list</quote>, is for downloading
+ There are two components to auditing. The first
+ step, <command>pkg_admin fetch-pkg-vulnerabilities</command>,
+ is for downloading
the list of vulnerabilities from the NetBSD FTP site. The second
- component, <quote>audit-packages</quote>, checks to see if any of your
+ step, <command>pkg_admin audit</command>, checks to see if any of your
installed packages are vulnerable. If a package is vulnerable, you
will see output similar to the following:
</para>
@@ -175,13 +175,24 @@
http://www.samba.org/samba/whatsnew/macroexploit.html</screen>
<para>
- One can set up <filename
- role="pkg">security/audit-packages</filename> to download the
+ You may wish to have the
<ulink url="ftp://ftp.NetBSD.org/pub/pkgsrc/distfiles/vulnerabilities";>vulnerabilities</ulink>
- file daily, and include a package audit in the daily security script.
- Details on this are located in the <ulink
- url="http://cvsweb.NetBSD.org/bsdweb.cgi/pkgsrc/security/audit-packages/MESSAGE?rev=HEAD&content-type=text/x-cvsweb-markup";>MESSAGE</ulink>
- file for <filename role="pkg">security/audit-packages</filename>.
+ file downloaded daily so that
+ it remains current. This may be done by adding an appropriate entry
+ to the root users &man.crontab.5; entry. For example the entry
+ <screen>
+# download vulnerabilities file
+0 3 * * * /usr/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
+ </screen>
+ will update the vulnerability list every day at 3AM. You may wish to do
+ this more often than once a day.
+
+ In addition, you may wish to run the package audit from the daily
+ security script. This may be accomplished by adding the following
+ line to <filename>/etc/security.local</filename>:
+ <screen>
+/usr/sbin/pkg_admin audit
+ <screen>
</para>
</sect2>
Home |
Main Index |
Thread Index |
Old Index