author | wiz <wiz> | 2009-05-28 09:29:30 +0000 |
---|---|---|
committer | wiz <wiz> | 2009-05-28 09:29:30 +0000 |
commit | 016ac38d302e454c79dfda92ea6c7c796ef34842 (patch) | |
tree | b819062e4454328e2e0ce3b28ca27e5f1704ea10 /doc/guide | |
parent | 4f9121914da8778b6bf0da416516a165f34f3333 (diff) | |
download | pkgsrc-016ac38d302e454c79dfda92ea6c7c796ef34842.tar.gz |
Stop describing audit-packages, describe pkg_admin commands instead.
Requested by joerg.
Diffstat (limited to 'doc/guide')
-rw-r--r-- | doc/guide/files/using.xml | 37 |
1 files changed, 24 insertions, 13 deletions
diff --git a/doc/guide/files/using.xml b/doc/guide/files/using.xml index 887afafc68e..f7c4ee859cc 100644 --- a/doc/guide/files/using.xml +++ b/doc/guide/files/using.xml @@ -1,4 +1,4 @@ -<!-- $NetBSD: using.xml,v 1.35 2008/03/04 02:39:37 jschauma Exp $ --> +<!-- $NetBSD: using.xml,v 1.36 2009/05/28 09:29:30 wiz Exp $ --> <chapter id="using"> <?dbhtml filename="using.html"?> <title>Using pkgsrc</title> @@ -99,7 +99,7 @@ and you can still use binary packages from someone else.</para> other packages depend on it. Instead, they are moved to the <filename>vulnerable</filename> subdirectory. So you may need to add this directory to the <varname>PKG_PATH</varname> variable. - However, you should run <command>audit-packages</command> + However, you should run <command>pkg_admin audit</command> regularly, especially after installing new packages, and verify that the vulnerabilities are acceptable for your configuration.</para> @@ -155,18 +155,18 @@ and you can still use binary packages from someone else.</para> </para> <para> - Through <filename role="pkg">security/audit-packages</filename>, + Through <command>pkg_admin fetch-pkg-vulnerabilities</command>, this list can be downloaded automatically, and a security audit of all packages installed on a system can take place. </para> <para> - There are two components to - <filename role="pkg">security/audit-packages</filename>. The first - component, <quote>download-vulnerability-list</quote>, is for downloading + There are two components to auditing. The first + step, <command>pkg_admin fetch-pkg-vulnerabilities</command>, + is for downloading the list of vulnerabilities from the NetBSD FTP site. The second - component, <quote>audit-packages</quote>, checks to see if any of your + step, <command>pkg_admin audit</command>, checks to see if any of your installed packages are vulnerable. If a package is vulnerable, you will see output similar to the following: </para> 
@@ -175,13 +175,24 @@ and you can still use binary packages from someone else.</para> http://www.samba.org/samba/whatsnew/macroexploit.html</screen> <para> - One can set up <filename - role="pkg">security/audit-packages</filename> to download the + You may wish to have the <ulink url="ftp://ftp.NetBSD.org/pub/pkgsrc/distfiles/vulnerabilities">vulnerabilities</ulink> - file daily, and include a package audit in the daily security script. - Details on this are located in the <ulink - url="http://cvsweb.NetBSD.org/bsdweb.cgi/pkgsrc/security/audit-packages/MESSAGE?rev=HEAD&content-type=text/x-cvsweb-markup">MESSAGE</ulink> - file for <filename role="pkg">security/audit-packages</filename>. + file downloaded daily so that + it remains current. This may be done by adding an appropriate entry + to the root users &man.crontab.5; entry. For example the entry + <screen> +# download vulnerabilities file +0 3 * * * /usr/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 + </screen> + will update the vulnerability list every day at 3AM. You may wish to do + this more often than once a day. + + In addition, you may wish to run the package audit from the daily + security script. This may be accomplished by adding the following + line to <filename>/etc/security.local</filename>: + <screen> +/usr/sbin/pkg_admin audit + <screen> </para> </sect2> |
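Review bot: In the @@ -155 hunk, the first rewritten paragraph now reads as if pkg_admin fetch-pkg-vulnerabilities also performs the audit ("Through pkg_admin fetch-pkg-vulnerabilities, this list can be downloaded automatically, and a security audit ... can take place"), while the following paragraph assigns the audit to pkg_admin audit. Suggest naming both commands in that sentence or dropping the audit clause from it. The second paragraph also announces "two components" and then counts a "first step" and a "second step"; pick one term and use it throughout.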
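Review bot: In the @@ -175 hunk, the screen block around "/usr/sbin/pkg_admin audit" is closed with a second opening "<screen>" right before "</para>" instead of "</screen>", so the chapter is no longer well-formed XML. The crontab example has a related problem: the bare "&" in "2>&1" has to be written as "&amp;" inside the document. Separately, redirecting both stdout and stderr of the fetch to /dev/null makes a failed download silent, so the audit would keep running against a stale vulnerabilities file; consider keeping stderr so that cron mails failures to root. Smaller points: "root users" should be "root user's", and the text starting "In addition" follows a blank line inside the same <para>, where a separate <para> would be cleaner.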