Index: ports/chapter.xml
===================================================================
--- ports/chapter.xml
+++ ports/chapter.xml
@@ -197,15 +197,11 @@
&a.ports; and the &a.ports-bugs;.
- Before installing any application, check http://vuxml.freebsd.org/
- for security issues related to the application or install
- ports-mgmt/portaudit. Once installed, type
- portaudit -F -a to check all installed
- applications for known vulnerabilities. When
- pkg is being used the audit
- functionality is built in. Execute pkg audit
- -F to get a report on vulnerable packages.
+ Before installing any application, check
+ for security issues related to the application or type
+ pkg audit -F to check all installed
+ applications for known vulnerabilities.The remainder of this chapter explains how to use packages
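Review bot: the new wording "check for security issues related to the application or type pkg audit -F" has lost its object: the removed lines told readers to check http://vuxml.freebsd.org/, and the added lines name nothing to check. Either keep a pointer to the VuXML site before "for security issues" (the link element may have been dropped with the old URL), or, if pkg audit -F is meant to replace the manual lookup entirely, drop the "check ... or" construction and state only the command, e.g. "Before installing any application, run pkg audit -F to check all installed applications for known vulnerabilities." Two smaller points: -F fetches the vulnerability database before auditing, so this form needs network access, which is worth saying since the old text listed it as a separate flag; and the last added line runs "known vulnerabilities." straight into "The remainder of this chapter", so check that the paragraph break survived the edit.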
@@ -1116,16 +1112,13 @@
Collection as described in the previous section. Since
the installation of any third-party software can introduce
security vulnerabilities, it is recommended to first check
- http://vuxml.freebsd.org/
+
for known security issues related to the port. Alternately,
- if ports-mgmt/portaudit is installed, run
- portaudit -F before installing a new
+ run pkg audit -F before installing a new
port. This command can be configured to automatically
perform a security audit and an update of the vulnerability
database during the daily security system check. For more
- information, refer to the manual page for
- portaudit and
+ information, refer to &man.pkg-audit.8; and
&man.periodic.8;.
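Review bot: the line that replaces "http://vuxml.freebsd.org/" is empty, which leaves the sentence reading "it is recommended to first check [nothing] for known security issues related to the port". As in the first hunk, either restore a reference to the VuXML site here or rewrite the sentence so that pkg audit -F is the only recommended check. The follow-on sentence "This command can be configured to automatically perform a security audit and an update of the vulnerability database during the daily security system check" now refers to pkg audit -F, which is correct, but since the periodic hook is what does the nightly fetch, consider saying that plain pkg audit (without -F) audits against the database periodic already downloaded, so readers do not think the -F fetch is required every time.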
Index: security/chapter.xml
===================================================================
--- security/chapter.xml
+++ security/chapter.xml
@@ -78,7 +78,7 @@
- How to use portaudit to audit
+ How to use pkg to audit
third party software packages installed from the Ports
Collection.
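Review bot: "How to use pkg to audit third party software packages" is broader than the section it points to; the section is specifically about the audit subcommand, so "How to use pkg audit to audit ..." (or "the audit feature of pkg") tells the reader which part of pkg is covered and mirrors the -F usage shown elsewhere in the patch.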
@@ -3091,7 +3091,7 @@
-
+ Monitoring Third Party Security Issues
@@ -3102,7 +3102,7 @@
- portaudit
+ pkgIn recent years, the security world has made many
@@ -3117,49 +3117,38 @@
capability. There is a way to mitigate third party
vulnerabilities and warn administrators of known security
issues. A &os; add on utility known as
- portaudit exists solely for this
- purpose.
+ pkg includes options explicitly for
+ this purpose.
- The
- ports-mgmt/portaudit
- port polls a database, which is updated and maintained by the
- &os; Security Team and ports developers, for known security
- issues.
+ pkg polls a database for security
+ issues. The database is updated and maintained by the &os; Security
+ Team and ports developers.
- To install portaudit from the
- Ports Collection:
+ Please refer to for
+ instructions on installing
+ pkg.
- &prompt.root; cd /usr/ports/ports-mgmt/portaudit && make install clean
+ Installation provides &man.periodic.8; configuration files
+ for maintaining the pkg audit
+ database, and provides a programmatic method of keeping it
+ updated. This functionality is enabled if
+ daily_status_security_pkgaudit_enable
+ is set to YES in &man.periodic.conf.5;.
+ Ensure that daily security run emails, which are sent to
+ root's email account,
+ are being read.
- During the installation, the configuration files for
- &man.periodic.8; will be updated, permitting
- portaudit output in the daily
- security runs. Ensure that the daily security run emails, which
- are sent to root's
- email account, are being read. No other configuration is
- required.
+ After installation, and to audit third party utilities as
+ part of the Ports Collection at any time, an administrator may
+ choose to update the database and view known vulnerabilities
+ of installed packages by invoking:
- After installation, an administrator can update the
- database and view known vulnerabilities in installed packages
- by invoking the following command:
+ &prompt.root; pkg audit -F
- &prompt.root; portaudit -Fda
+ pkg displays messages
+ any published vulnerabilities in installed packages:
-
- The database is automatically updated during the
- &man.periodic.8; run. The above command is optional and can
- be used to manually update the database now.
-
-
- To audit the third party utilities installed as part of
- the Ports Collection at anytime, an administrator can run the
- following command:
-
- &prompt.root; portaudit -a
-
- portaudit will display messages
- for any installed vulnerable packages:
-
Affected package: cups-base-1.1.22.0_1
Type of problem: cups-base -- HPGL buffer overflow vulnerability.
Reference: <http://www.FreeBSD.org/ports/portaudit/40a3bca2-6809-11d9-a9e7-0001020eed82.html>
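Review bot: the sample output directly after "pkg audit -F" is unchanged from the portaudit version: it still uses the "Affected package: / Type of problem: / Reference:" layout and a http://www.FreeBSD.org/ports/portaudit/... URL, so it no longer matches the command the reader is told to run. Regenerate this block from an actual pkg audit run so the fields and the reference URL reflect what pkg prints. Other points in the same hunk: "A &os; add on utility known as pkg includes options explicitly for this purpose" describes pkg as if it were a dedicated add-on like portaudit was; pkg is the package manager itself, so something like "The pkg utility includes an audit subcommand for this purpose" (and "add-on" if the phrase is kept) is more accurate. "pkg displays messages any published vulnerabilities in installed packages" is missing "for". The sentence "After installation, and to audit third party utilities as part of the Ports Collection at any time, an administrator may choose to update the database and view known vulnerabilities ... by invoking: pkg audit -F" collapses the two commands the removed text distinguished (update-and-audit versus audit only); it would read better split into "pkg audit -F updates the database and audits" and "pkg audit alone audits against the database the periodic job maintains". Finally, "Please refer to for instructions on installing pkg" has no visible target; confirm the cross-reference element is present in the committed source.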
@@ -3174,9 +3163,9 @@
versions affected, by &os; port version, along with other web
sites which may contain security advisories.
- portaudit is a powerful utility
- and is extremely useful when coupled with the
- portmaster port.
+ pkg is a powerful utility
+ and is extremely useful when coupled with
+ ports-mgmt/portmaster.
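Review bot: "pkg is a powerful utility and is extremely useful when coupled with ports-mgmt/portmaster" reads as praise for pkg in general rather than a statement about the audit workflow this section covers; saying "pkg audit" here (as the previous hunks do) keeps the sentence tied to finding vulnerable ports and then rebuilding them with portmaster, which is the point the original portaudit sentence was making.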