- remove portaudit references, as it is no longer in the Ports Collection
Differential Revision: https://reviews.freebsd.org/D1303
Approved by: wblock (mentor)
parent 78529d41f6
commit cb4141e875
Notes: svn2git, 2020-12-08 03:00:23 +00:00
svn path=/head/; revision=46387
2 changed files with 39 additions and 57 deletions
|
@ -197,15 +197,11 @@
|
|||
&a.ports; and the &a.ports-bugs;.</para>
|
||||
|
||||
<warning>
|
||||
<para>Before installing any application, check <uri
|
||||
xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
|
||||
for security issues related to the application or install
|
||||
<package>ports-mgmt/portaudit</package>. Once installed, type
|
||||
<command>portaudit -F -a</command> to check all installed
|
||||
applications for known vulnerabilities. When
|
||||
<application>pkg</application> is being used the audit
|
||||
functionality is built in. Execute <command>pkg audit
|
||||
-F</command> to get a report on vulnerable packages.</para>
|
||||
<para>Before installing any application, check <link
|
||||
xlink:href="http://vuxml.freebsd.org/"></link>
|
||||
for security issues related to the application or type
|
||||
<command>pkg audit -F</command> to check all installed
|
||||
applications for known vulnerabilities.</para>
|
||||
</warning>
|
||||
|
||||
<para>The remainder of this chapter explains how to use packages
|
||||
|
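Review bot: In the rewritten warning paragraph, `pkg audit -F` is offered as an alternative to checking vuxml.freebsd.org "before installing any application", but as worded it checks "all installed applications", so it says nothing about the application that is about to be installed. Suggest splitting the sentence: point to the VuXML site for the application not yet installed, and present `pkg audit -F` as the check for what is already on the system. The VuXML link is also still plain http://; if the site is served over https, prefer that for a security reference.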
@ -1116,16 +1112,13 @@ Deinstalling ca_root_nss-3.15.1_1... done</screen>
|
|||
Collection as described in the previous section. Since
|
||||
the installation of any third-party software can introduce
|
||||
security vulnerabilities, it is recommended to first check
|
||||
<uri
|
||||
xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
|
||||
<link xlink:href="http://vuxml.freebsd.org/"></link>
|
||||
for known security issues related to the port. Alternately,
|
||||
if <package>ports-mgmt/portaudit</package> is installed, run
|
||||
<command>portaudit -F</command> before installing a new
|
||||
run <command>pkg audit -F</command> before installing a new
|
||||
port. This command can be configured to automatically
|
||||
perform a security audit and an update of the vulnerability
|
||||
database during the daily security system check. For more
|
||||
information, refer to the manual page for
|
||||
<application>portaudit</application> and
|
||||
information, refer to &man.pkg-audit.8; and
|
||||
&man.periodic.8;.</para>
|
||||
</warning>
|
||||
|
||||
|
|
|
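Review bot: The sentence "This command can be configured to automatically perform a security audit ..." does not say how, and the references that follow are only &man.pkg-audit.8; and &man.periodic.8;. The security chapter changed in this same commit names the setting (daily_status_security_pkgaudit_enable in &man.periodic.conf.5;), so consider naming it here as well or cross-referencing that section, so a reader of the ports chapter can enable the daily check without searching for it.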
@ -78,7 +78,7 @@
|
|||
</listitem>
|
||||
|
||||
<listitem>
|
||||
<para>How to use <application>portaudit</application> to audit
|
||||
<para>How to use <application>pkg</application> to audit
|
||||
third party software packages installed from the Ports
|
||||
Collection.</para>
|
||||
</listitem>
|
||||
|
@ -3091,7 +3091,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10 11:54 public_html</programlisting>
|
|||
</sect2>
|
||||
</sect1>
|
||||
|
||||
<sect1 xml:id="security-portaudit">
|
||||
<sect1 xml:id="security-pkg">
|
||||
<info>
|
||||
<title>Monitoring Third Party Security Issues</title>
|
||||
|
||||
|
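Review bot: Renaming the section id from security-portaudit to security-pkg will break any xref or link elsewhere in the documentation tree that still uses linkend="security-portaudit", and it changes the published anchor for this section. Only two files are touched in this commit, so please search the rest of the tree for the old id before committing, or keep the old id if stable links matter more than the name.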
@ -3102,7 +3102,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10 11:54 public_html</programlisting>
|
|||
</info>
|
||||
|
||||
<indexterm>
|
||||
<primary>portaudit</primary>
|
||||
<primary>pkg</primary>
|
||||
</indexterm>
|
||||
|
||||
<para>In recent years, the security world has made many
|
||||
|
@ -3117,48 +3117,37 @@ drwxr-xr-x 2 robert robert 512 Nov 10 11:54 public_html</programlisting>
|
|||
capability. There is a way to mitigate third party
|
||||
vulnerabilities and warn administrators of known security
|
||||
issues. A &os; add on utility known as
|
||||
<application>portaudit</application> exists solely for this
|
||||
purpose.</para>
|
||||
<application>pkg</application> includes options explicitly for
|
||||
this purpose.</para>
|
||||
|
||||
<para>The
|
||||
<package>ports-mgmt/portaudit</package>
|
||||
port polls a database, which is updated and maintained by the
|
||||
&os; Security Team and ports developers, for known security
|
||||
issues.</para>
|
||||
<para><application>pkg</application> polls a database for security
|
||||
issues. The database is updated and maintained by the &os; Security
|
||||
Team and ports developers.</para>
|
||||
|
||||
<para>To install <application>portaudit</application> from the
|
||||
Ports Collection:</para>
|
||||
<para>Please refer to <link
|
||||
xlink:href="&url.books.handbook;/pkgng-intro.html"></link> for
|
||||
instructions on installing
|
||||
<application>pkg</application>.</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>cd /usr/ports/ports-mgmt/portaudit && make install clean</userinput></screen>
|
||||
<para>Installation provides &man.periodic.8; configuration files
|
||||
for maintaining the <application>pkg</application> audit
|
||||
database, and provides a programmatic method of keeping it
|
||||
updated. This functionality is enabled if
|
||||
<literal>daily_status_security_pkgaudit_enable</literal>
|
||||
is set to <literal>YES</literal> in &man.periodic.conf.5;.
|
||||
Ensure that daily security run emails, which are sent to
|
||||
<systemitem class="username">root</systemitem>'s email account,
|
||||
are being read.</para>
|
||||
|
||||
<para>During the installation, the configuration files for
|
||||
&man.periodic.8; will be updated, permitting
|
||||
<application>portaudit</application> output in the daily
|
||||
security runs. Ensure that the daily security run emails, which
|
||||
are sent to <systemitem class="username">root</systemitem>'s
|
||||
email account, are being read. No other configuration is
|
||||
required.</para>
|
||||
<para>After installation, and to audit third party utilities as
|
||||
part of the Ports Collection at any time, an administrator may
|
||||
choose to update the database and view known vulnerabilities
|
||||
of installed packages by invoking:</para>
|
||||
|
||||
<para>After installation, an administrator can update the
|
||||
database and view known vulnerabilities in installed packages
|
||||
by invoking the following command:</para>
|
||||
<screen>&prompt.root; <userinput>pkg audit -F</userinput></screen>
|
||||
|
||||
<screen>&prompt.root; <userinput>portaudit -Fda</userinput></screen>
|
||||
|
||||
<note>
|
||||
<para>The database is automatically updated during the
|
||||
&man.periodic.8; run. The above command is optional and can
|
||||
be used to manually update the database now.</para>
|
||||
</note>
|
||||
|
||||
<para>To audit the third party utilities installed as part of
|
||||
the Ports Collection at anytime, an administrator can run the
|
||||
following command:</para>
|
||||
|
||||
<screen>&prompt.root; <userinput>portaudit -a</userinput></screen>
|
||||
|
||||
<para><application>portaudit</application> will display messages
|
||||
for any installed vulnerable packages:</para>
|
||||
<para><application>pkg</application> displays messages
|
||||
any published vulnerabilities in installed packages:</para>
|
||||
|
||||
<programlisting>Affected package: cups-base-1.1.22.0_1
|
||||
Type of problem: cups-base -- HPGL buffer overflow vulnerability.
|
||||
|
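Review bot: The added paragraph "<application>pkg</application> displays messages" / "any published vulnerabilities in installed packages:" is missing a word; it should read "displays messages for any published vulnerabilities". Also in this hunk, the sample output kept as context below it ("Affected package: ...", "Type of problem: ...") was written for the portaudit text; please confirm it matches what `pkg audit -F` prints and regenerate it if it does not. Finally, the new periodic paragraph says the check is enabled "if daily_status_security_pkgaudit_enable is set to YES" but does not say whether that is the default, whereas the removed text said "No other configuration is required"; stating the default would tell administrators whether they need to act.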
@ -3174,9 +3163,9 @@ You are advised to update or deinstall the affected package(s) immediately.</pro
|
|||
versions affected, by &os; port version, along with other web
|
||||
sites which may contain security advisories.</para>
|
||||
|
||||
<para><application>portaudit</application> is a powerful utility
|
||||
and is extremely useful when coupled with the
|
||||
<application>portmaster</application> port.</para>
|
||||
<para><application>pkg</application> is a powerful utility
|
||||
and is extremely useful when coupled with
|
||||
<package>ports-mgmt/portmaster</package>.</para>
|
||||
</sect1>
|
||||
|
||||
<sect1 xml:id="security-advisories">
|
||||
|
|
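Review bot: After the substitution, the closing sentence calls pkg as a whole "a powerful utility" and pairs it with ports-mgmt/portmaster without saying why, although the section is about its audit function. Suggest naming `pkg audit` specifically and stating the workflow, for example that the audit output identifies which packages to update or deinstall, in line with the "You are advised to update or deinstall the affected package(s) immediately" advice in the sample output.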