Diffstat (limited to 'security/audit-packages/files')
-rw-r--r-- | security/audit-packages/files/audit-packages.8 | 161 |
1 files changed, 161 insertions, 0 deletions
diff --git a/security/audit-packages/files/audit-packages.8 b/security/audit-packages/files/audit-packages.8 new file mode 100644 index 00000000000..ddb6e235330 --- /dev/null +++ b/security/audit-packages/files/audit-packages.8 
@@ -0,0 +1,161 @@ +.\" $NetBSD: audit-packages.8,v 1.1 2003/06/12 06:59:31 wiz Exp $ +.Dd June 11, 2003 +.Os +.Dt AUDIT-PACKAGES 8 +.Sh NAME +.Nm audit-packages , +.Nm download-vulnerability-list +.Nd show vulnerabilities in installed packages +.Sh SYNOPSIS +.Nm +.Nm download-vulnerability-list +.Sh DESCRIPTION +The +.Nm +program compares the installed packages with the +.Pa vulnerabilities +file and reports any known security issues to standard output. +This output contains the name and version of the package, the +type of vulnerability, and an URL for further information for each +vulnerable package. +.Pp +The +.Nm download-vulnerability-list +program downloads this file from +.Pa ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities +using +.Xr @FETCH_CMD_SHORT@ 1 . +This vulnerabilities file documents all known security issues in +pkgsrc packages and is kept up-to-date by the +.Nx +packages team. +.Pp +Each line lists the package and vulnerable versions, the type of exploit, +and an Internet address for further information. 
+Commonly, the types of exploits listed are: +.Bl -bullet -compact -offset indent +.It +cross-site-html +.It +cross-site-scripting +.It +denial-of-service +.It +file-permissions +.It +local-access +.It +local-code-execution +.It +local-file-read +.It +local-file-removal +.It +local-file-write +.It +local-root-file-view +.It +local-root-shell +.It +local-symlink-race +.It +local-user-file-view +.It +local-user-shell +.It +privacy-leak +.It +remote-code-execution +.It +remote-command-inject +.It +remote-file-creation +.It +remote-file-read +.It +remote-file-view +.It +remote-file-write +.It +remote-key-theft +.It +remote-root-access +.It +remote-root-shell +.It +remote-script-inject +.It +remote-server-admin +.It +remote-use-of-secret +.It +remote-user-access +.It +remote-user-file-view +.It +remote-user-shell +.It +unknown +.It +weak-authentication +.It +weak-encryption +.It +weak-ssl-authentication +.El +.Pp +By default, the vulnerabilities file is stored in the +.Pa @PKGVULNDIR@ +directory. +This can be changed by defining the environment variable +.Ev PKGVULNDIR +to the directory containing the vulnerabilities file. +.Sh ENVIRONMENT +.Bl -tag -width PKGVULNDIR +.It Ev PKGVULNDIR +Specifies the directory containing the +.Pa vulnerabilities +file. +.El +.Sh FILES +.Pa @PKGVULNDIR@/vulnerabilities +.\" .Sh EXAMPLES +.Sh EXAMPLES +The +.Nm download-vulnerability-list +command can be run via +.Xr cron 8 +to update the +.Pa vulnerabilities +daily. +And +.Nm +can be run via +.Xr cron 8 +(or with +.Nx Ns 's +.Pa /etc/security.local +daily security script). +.Sh SEE ALSO +.Xr pkg_info 1 , +.Xr mk.conf 5 , +.Xr packages 7 , +.Pa @PKGSRCDIR@/mk/bsd.pkg.defaults.mk +and +.Rs +.%T "Documentation on the NetBSD Package System" +.Re +.Pa @PKGSRCDIR@/Packages.txt +.Sh HISTORY +The +.Nm +and +.Nm download-vulnerability-list +commands were originally implemented and added to +.Nx Ns 's +pkgsrc by +.An Alistair Crooks +on September 19, 2000. 
+The original idea came from Roland Dowdeswell and Bill Sommerfeld. +.\" .Sh AUTHORS +.\" .Sh SECURITY CONSIDERATIONS |
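Review bot: the DESCRIPTION paragraph for download-vulnerability-list documents fetching the list from `ftp://ftp.netbsd.org/pub/NetBSD/packages/distfiles/vulnerabilities` but does not say whether the downloaded file is authenticated or integrity-checked, and the page ends with `.\" .Sh SECURITY CONSIDERATIONS` still commented out. Since the output of audit-packages is only as trustworthy as that file, I would enable that section and state how the file travels (plain FTP, per the URL) and what verification is performed on it, if any, so administrators running both commands from cron know what they are relying on. Two smaller points in the same hunk: "an URL for further information" should read "a URL", and the leftover `.\" .Sh EXAMPLES` comment directly above the real `.Sh EXAMPLES` header can be dropped.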