[src/trunk]: src/share/man/man7 Note the 'fetch_pkg_vulnerabilities=YES' also...

[jruoho <jruoho%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/221936ef521a
branches:  trunk
changeset: 763390:221936ef521a
user:      jruoho <jruoho%NetBSD.org@localhost>
date:      Fri Mar 18 16:11:13 2011 +0000

description:
Note the 'fetch_pkg_vulnerabilities=YES' also here. In lack of a proper
name, put this under "administrative security".

diffstat:

 share/man/man7/security.7 |  17 ++++++++++++++++-
 1 files changed, 16 insertions(+), 1 deletions(-)

diffs (31 lines):

diff -r 5d6f90b7f82a -r 221936ef521a share/man/man7/security.7
--- a/share/man/man7/security.7 Fri Mar 18 15:32:26 2011 +0000
+++ b/share/man/man7/security.7 Fri Mar 18 16:11:13 2011 +0000
@@ -1,4 +1,4 @@
-.\" $NetBSD: security.7,v 1.2 2011/03/18 15:32:26 jruoho Exp $
+.\" $NetBSD: security.7,v 1.3 2011/03/18 16:11:13 jruoho Exp $
 .\"
 .\" Copyright (c) 2006, 2011 Elad Efrat <elad%NetBSD.org@localhost>
 .\" All rights reserved.
@@ -418,6 +418,21 @@
 .Bd -literal -offset indent
 # sysctl -w security.curtain=1
 .Ed
+.Ss Administrative security
+Also certain administrative tasks are related to security.
+For instance, the the daily maintenance script includes some basic
+consistency checks; see
+.Xr security.conf 5
+for more details.
+In particular, it is possible to configure
+.Nx
+to automatically audit all third-party packages installed via
+.Xr pkgsrc 7 .
+To audit for any known vulnerabilities on daily basis, set the following in
+.Fa /etc/daily.conf :
+.Bd -literal -offset indent
+fetch_pkg_vulnerabilities=YES
+.Ed
 .Sh SEE ALSO
 .Xr ssp 3 ,
 .Xr options 4 ,