D1303.id3501.diff
Index: ports/chapter.xml
===================================================================
--- ports/chapter.xml
+++ ports/chapter.xml
@@ -197,15 +197,11 @@
&a.ports; and the &a.ports-bugs;.</para>
<warning>
- <para>Before installing any application, check <uri
- xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
- for security issues related to the application or install
- <package>ports-mgmt/portaudit</package>. Once installed, type
- <command>portaudit -F -a</command> to check all installed
- applications for known vulnerabilities. When
- <application>pkg</application> is being used the audit
- functionality is built in. Execute <command>pkg audit
- -F</command> to get a report on vulnerable packages.</para>
+ <para>Before installing any application, check <link
+ xlink:href="http://vuxml.freebsd.org/"></link>
+ for security issues related to the application or type
+ <command>pkg audit -F</command> to check all installed
+ applications for known vulnerabilities.</para>
</warning>
<para>The remainder of this chapter explains how to use packages
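Review bot: The rewritten warning opens with "Before installing any application" but the alternative it offers, `pkg audit -F`, is described in the same sentence as checking "all installed applications", so it does not cover the application that is about to be installed. Splitting this into two sentences would help: one telling the reader to look the application up on the VuXML site before installing, and one telling them to run `pkg audit -F` to audit what is already on the system. The new `<link xlink:href="http://vuxml.freebsd.org/"></link>` also has no content; the self-closing form `<link xlink:href="..."/>` says the same thing with less noise.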
@@ -1116,16 +1112,13 @@
Collection as described in the previous section. Since
the installation of any third-party software can introduce
security vulnerabilities, it is recommended to first check
- <uri
- xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
+ <link xlink:href="http://vuxml.freebsd.org/"></link>
for known security issues related to the port. Alternately,
- if <package>ports-mgmt/portaudit</package> is installed, run
- <command>portaudit -F</command> before installing a new
+ run <command>pkg audit -F</command> before installing a new
port. This command can be configured to automatically
perform a security audit and an update of the vulnerability
database during the daily security system check. For more
- information, refer to the manual page for
- <application>portaudit</application> and
+ information, refer to &man.pkg-audit.8; and
&man.periodic.8;.</para>
</warning>
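Review bot: The context sentence "This command can be configured to automatically perform a security audit ... during the daily security system check" still does not say how, even though the security chapter part of this patch names the setting (`daily_status_security_pkgaudit_enable` in periodic.conf). Naming that variable here, or pointing at the security chapter section, would save the reader from hunting through two manual pages. While this paragraph is being touched, "Alternately" in the context line should be "Alternatively".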
Index: security/chapter.xml
===================================================================
--- security/chapter.xml
+++ security/chapter.xml
@@ -78,7 +78,7 @@
</listitem>
<listitem>
- <para>How to use <application>portaudit</application> to audit
+ <para>How to use <application>pkg</application> to audit
third party software packages installed from the Ports
Collection.</para>
</listitem>
@@ -3091,7 +3091,7 @@
</sect2>
</sect1>
- <sect1 xml:id="security-portaudit">
+ <sect1 xml:id="security-pkg">
<info>
<title>Monitoring Third Party Security Issues</title>
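Review bot: Renaming the section id from `security-portaudit` to `security-pkg` breaks every existing reference to the old id, and none of the hunks shown here update an `<xref>` or `<link linkend>`. Please grep the doc tree for `security-portaudit` before committing; the rendered page name and anchor also change, so external links to the old section will stop resolving. The new id is also quite generic for a section titled "Monitoring Third Party Security Issues"; something that mentions auditing would describe the content better.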
@@ -3102,7 +3102,7 @@
</info>
<indexterm>
- <primary>portaudit</primary>
+ <primary>pkg</primary>
</indexterm>
<para>In recent years, the security world has made many
@@ -3117,47 +3117,40 @@
capability. There is a way to mitigate third party
vulnerabilities and warn administrators of known security
issues. A &os; add on utility known as
- <application>portaudit</application> exists solely for this
- purpose.</para>
+ <application>pkg</application> includes options explicitly for
+ this purpose.</para>
<para>The
- <package>ports-mgmt/portaudit</package>
+ <application>pkg</application>
port polls a database, which is updated and maintained by the
&os; Security Team and ports developers, for known security
issues.</para>
- <para>To install <application>portaudit</application> from the
- Ports Collection:</para>
+ <para>To install <application>pkg</application> please refer to <link
+ xlink:href="&url.books.handbook;/pkgng-intro.html"></link>.</para>
- <screen>&prompt.root; <userinput>cd /usr/ports/ports-mgmt/portaudit && make install clean</userinput></screen>
-
<para>During the installation, the configuration files for
- &man.periodic.8; will be updated, permitting
- <application>portaudit</application> output in the daily
- security runs. Ensure that the daily security run emails, which
- are sent to <systemitem class="username">root</systemitem>'s
- email account, are being read. No other configuration is
- required.</para>
+ &man.periodic.8; will be installed. This functionality is
+ enabled if <literal>daily_status_security_pkgaudit_enable</literal>
+ is set to <literal>YES</literal> in &man.periodic.conf.5;. Ensure
+ that daily security run emails, which are sent to
+ <systemitem class="username">root</systemitem>'s email account, are
+ being read.</para>
- <para>After installation, an administrator can update the
- database and view known vulnerabilities in installed packages
- by invoking the following command:</para>
+ <para>After installation, and to audit third party utilities as part
+ of the Ports Collection at anytime, an administrator can update the
+ database and view known vulnerabilities of installed packages
+ by invoking <application>pkg</application>:</para>
- <screen>&prompt.root; <userinput>portaudit -Fda</userinput></screen>
+ <screen>&prompt.root; <userinput>pkg audit -F</userinput></screen>
<note>
<para>The database is automatically updated during the
&man.periodic.8; run. The above command is optional and can
- be used to manually update the database now.</para>
+ be used to manually update the database.</para>
</note>
- <para>To audit the third party utilities installed as part of
- the Ports Collection at anytime, an administrator can run the
- following command:</para>
-
- <screen>&prompt.root; <userinput>portaudit -a</userinput></screen>
-
- <para><application>portaudit</application> will display messages
+ <para><application>pkg</application> will display messages
for any installed vulnerable packages:</para>
<programlisting>Affected package: cups-base-1.1.22.0_1
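Review bot: The new periodic paragraph says the check "is enabled if `daily_status_security_pkgaudit_enable` is set to `YES`" but drops the old "No other configuration is required" without stating whether the variable defaults to `YES`, so an administrator cannot tell from this text whether the daily audit runs out of the box or has to be switched on. Please state the default explicitly. Several sentences in this hunk were also converted by substituting the name only and no longer describe pkg accurately: "A &os; add on utility known as pkg includes options explicitly for this purpose" and "The pkg port polls a database" present the package manager as an audit add-on, where the thing being described is the `pkg audit` subcommand. The merged paragraph "After installation, and to audit third party utilities as part of the Ports Collection at anytime" is hard to parse and would read better as a single statement that `pkg audit -F` fetches the database and reports vulnerable installed packages. The note that follows still calls the command "optional and can be used to manually update the database", which no longer matches a command that the preceding paragraph says both updates and audits. The empty `<link xlink:href="&url.books.handbook;/pkgng-intro.html"></link>` points at another section of the same book, where an `<xref>` to that section would give the reader a title instead of a bare URL.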
@@ -3174,9 +3167,9 @@
versions affected, by &os; port version, along with other web
sites which may contain security advisories.</para>
- <para><application>portaudit</application> is a powerful utility
- and is extremely useful when coupled with the
- <application>portmaster</application> port.</para>
+ <para><application>pkg</application> is a powerful utility
+ and is extremely useful when coupled with
+ <package>ports-mgmt/portmaster</package>.</para>
</sect1>
<sect1 xml:id="security-advisories">
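Review bot: In the closing paragraph, swapping the subject to `<application>pkg</application>` changes the meaning: "pkg is a powerful utility and is extremely useful when coupled with ports-mgmt/portmaster" now praises the package manager as a whole, where the original sentence was about the audit tool. Either make the subject `<command>pkg audit</command>` and say what the combination with portmaster gives the administrator, or drop the sentence, since as written it tells the reader nothing about monitoring security issues.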
D1303: remove portaudit from handbook, as it has been removed from portstree