blob: a178f676ba22f3fbec937005744e2e341f8a4bbb (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
|
===========================================================================
$NetBSD: MESSAGE,v 1.4.4.1 2009/02/02 11:55:15 joerg Exp $
You may wish to have the vulnerabilities file downloaded daily so that
it remains current. This may be done by adding an appropriate entry
to a user's crontab(5) entry. For example the entry
# download vulnerabilities file
0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.
In addition, you may wish to run the package audit from the daily
security script. This may be accomplished by adding the following
lines to /etc/security.local
if [ -x ${PREFIX}/sbin/pkg_admin ]; then
${PREFIX}/sbin/pkg_admin audit
fi
Alternatively this can also be acomplished by adding an entry to a user's
crontab(5) file. e.g.:
# run audit-packages
0 3 * * * ${PREFIX}/sbin/pkg_admin audit
Both pkg_admin subcommands can be run as as an unprivileged user,
as long as the user chosen has permission to read the pkgdb and to write
the pkg-vulnerabilites to ${PKGVULNDIR}.
The behavior of pkg_admin and pkg_add can be customised with
pkg_install.conf. Please see pkg_install.conf(5) for details.
If you want to use GPG signature verification you will need to install
GnuPG and set the path for GPG appropriately in your pkg_install.conf.
===========================================================================
|
