blob: 1e4c816a06f18e6fb297367a234dedc61e5fb67c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
|
===========================================================================
$NetBSD: MESSAGE,v 1.3 2007/10/09 19:19:14 martti Exp $
You may wish to have the vulnerabilities file downloaded daily so that
it remains current. This may be done by adding an appropriate entry
to a users crontab(5) entry. For example the entry
# download vulnerabilities file
0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1
will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.
In addition, you may wish to run the package audit from the daily
security script. This may be accomplished by adding the following
lines to /etc/security.local
if [ -x ${PREFIX}/sbin/audit-packages ]; then
${PREFIX}/sbin/audit-packages
fi
Alternatively this can also be acomplished by adding an entry to a users
crontab(5) file. e.g.:
# run audit-packages
0 3 * * * ${PREFIX}/sbin/audit-packages
audit-packages and/or download-vulnerability-list need not be run by
the root user. They will function as an unpriveleged user just so
long as the user chosen has permmission to write the pkg-vulnerabilites
to ${PKGVULNDIR}.
A sample audit-packages.conf has been installed to:
${EGDIR}/audit-packages.conf
You may want to customise this file and copy it to
${PKG_SYSCONFDIR}/audit-packages.conf.
If you want to use signature verification you will need to install GnuPG and
set the path for GPG appropriately in your audit-packages.conf. See
audit-packages.conf(5) and audit-packages(8) for further information.
===========================================================================
|