No OneTemporary
Actions

Size

20 KB

Referenced Files

None

Subscribers

None

View Options

	Index: head/ports-mgmt/portaudit/Makefile
	===================================================================
	--- head/ports-mgmt/portaudit/Makefile (revision 236416)
	+++ head/ports-mgmt/portaudit/Makefile (revision 236417)
	@@ -1,66 +1,66 @@
	# New ports collection makefile for: portaudit
	# Date created: 25 Jan 2004
	# Whom: Oliver Eikemeier
	#
	# $FreeBSD$
	#

	PORTNAME= portaudit
	-PORTVERSION= 0.5.12
	+PORTVERSION= 0.5.13
	CATEGORIES= ports-mgmt security
	DISTFILES=

	MAINTAINER= secteam@FreeBSD.org
	COMMENT= Checks installed ports against a list of security vulnerabilities

	MAN1= portaudit.1

	PERIODICDIR?= ${PREFIX}/etc/periodic
	DATABASEDIR?= /var/db/portaudit

	PKGREQ= ${WRKDIR}/pkg-req
	PKGINSTALL= ${WRKDIR}/pkg-install
	PKGDEINSTALL= ${WRKDIR}/pkg-deinstall

	PLIST_SUB+= PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \
	DATABASEDIR="${DATABASEDIR}"

	REQPKGVER= 20040623

	SED_SCRIPT= -e 's\|%%PREFIX%%\|${PREFIX}\|g' \
	-e 's\|%%LOCALBASE%%\|${LOCALBASE}\|g' \
	-e "s\|%%PORTSDIR%%\|${PORTSDIR}\|g" \
	-e "s\|%%INDEXFILE%%\|${INDEXFILE}\|g" \
	-e "s\|%%DATABASEDIR%%\|${DATABASEDIR}\|g" \
	-e "s\|%%PORTVERSION%%\|${PORTVERSION}\|g" \
	-e "s\|%%REQPKGVER%%\|${REQPKGVER}\|g" \
	-e "s\|%%BZIP2_CMD%%\|${BZIP2_CMD}\|g" \

	do-build:
	.for f in portaudit-cmd.sh portaudit.sh portaudit.1 portaudit.conf
	@${SED} ${SED_SCRIPT} ${FILESDIR}/${f} >${WRKDIR}/${f}
	.endfor

	post-build:
	.for f in pkg-req pkg-install pkg-deinstall
	@${SED} ${SED_SCRIPT} ${PKGDIR}/${f} >${WRKDIR}/${f}
	.endfor

	pre-install:
	.if !defined(PACKAGE_BUILDING)
	@${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL
	.endif
	@${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL

	do-install:
	@${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/sbin/portaudit
	@${INSTALL_DATA} ${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample
	@${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1
	@${MKDIR} ${PERIODICDIR}/security
	@${INSTALL_SCRIPT} ${WRKDIR}/portaudit.sh ${PERIODICDIR}/security/410.portaudit
	@${MKDIR} ${DATABASEDIR}

	post-install:
	@${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL

	.include <bsd.port.mk>

	Property changes on: head/ports-mgmt/portaudit/Makefile
	___________________________________________________________________
	Modified: cvs2svn:cvs-rev
	## -1 +1 ##
	-1.24
	\ No newline at end of property
	+1.25
	\ No newline at end of property
	Index: head/ports-mgmt/portaudit/files/portaudit-cmd.sh
	===================================================================
	--- head/ports-mgmt/portaudit/files/portaudit-cmd.sh (revision 236416)
	+++ head/ports-mgmt/portaudit/files/portaudit-cmd.sh (revision 236417)
	@@ -1,482 +1,482 @@
	#!/bin/sh -efu
	#
	# Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
	#
	# Redistribution and use in source and binary forms, with or without
	# modification, are permitted provided that the following conditions are
	# met:
	#
	# 1. Redistributions of source code must retain the above copyright notice
	# this list of conditions and the following disclaimer.
	#
	# 2. Redistributions in binary form must reproduce the above copyright
	# notice, this list of conditions and the following disclaimer in the
	# documentation and/or other materials provided with the distribution.
	#
	# 3. Neither the name of the author nor the names of its contributors may be
	# used to endorse or promote products derived from this software without
	# specific prior written permission.
	#
	# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
	# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
	# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	#
	# $FreeBSD$
	#

	portaudit_confs()
	{
	: ${portaudit_dir="%%DATABASEDIR%%"}
	: ${portaudit_filename="auditfile.tbz"}

	: ${portaudit_fetch_env=""}
	: ${portaudit_fetch_cmd="fetch -1mp"}

	- : ${portaudit_sites="http://www.FreeBSD.org/ports/"}
	+ : ${portaudit_sites="http://portaudit.FreeBSD.org/"}

	: ${portaudit_fixed=""}

	if [ -r %%PREFIX%%/etc/portaudit.conf ]; then
	. %%PREFIX%%/etc/portaudit.conf
	fi
	}

	extract_auditfile()
	{
	%%BZIP2_CMD%% -dc -- "$portaudit_dir/$portaudit_filename" \| \
	tar -xOf - auditfile
	}

	checksum_auditfile()
	{
	chksum1=`extract_auditfile \|
	sed -nE -e '$s/^#CHECKSUM: MD5 ([0-9a-f]{32})$/\1/p'`
	chksum2=`extract_auditfile \| sed -e '$d' \| md5`
	[ "$chksum1" = "$chksum2" ];
	}

	getcreated_auditfile()
	{
	extract_auditfile \|
	sed -nE -e '1s/^#CREATED: ([0-9]{4})-?([0-9]{2})-?([0-9]{2}) ([0-9]{2}):?([0-9]{2}):?([0-9]{2}).*$/\1-\2-\3 \4:\5:\6/p'
	}

	gettimestamp_auditfile()
	{
	extract_auditfile \|
	sed -nE -e '1s/^#CREATED: ([0-9]{4})-?([0-9]{2})-?([0-9]{2}).$/\1\2\3/p'
	}

	checkexpiry_auditfile()
	{
	created=`gettimestamp_auditfile`
	expiry=`date -u -v-$1d '+%Y%m%d'`
	[ "$created" -gt "$expiry" ];
	}

	portaudit_prerequisites()
	{
	if $prerequisites_checked; then
	return 0
	fi

	if [ -z "${pkg_info:-}" ]; then
	if [ -x "%%LOCALBASE%%/sbin/pkg_info" ]; then
	pkg_info="%%LOCALBASE%%/sbin/pkg_info"
	else
	pkg_info="/usr/sbin/pkg_info"
	fi
	fi

	if [ -z "${pkg_version:-}"]; then
	case "$pkg_info" in
	/)
	pkg_version="${pkg_info%/*}/pkg_version";;
	*)
	pkg_version="pkg_version";;
	esac
	fi

	PKG_INSTALL_VER=`$pkg_info -qP 2>/dev/null`
	if [ -z "$PKG_INSTALL_VER" -o "$PKG_INSTALL_VER" -lt %%REQPKGVER%% ]; then
	echo "$pkg_info is too old, please update port sysutils/pkg_install-devel"
	return 1
	fi

	if [ ! -r "$portaudit_dir/$portaudit_filename" ]; then
	echo "portaudit: Database missing, run \`portaudit -F' to update." >&2
	return 2
	elif ! checksum_auditfile; then
	echo "portaudit: Corrupt database." >&2
	return 2
	elif ! checkexpiry_auditfile 14; then
	echo "portaudit: Database too old." >&2
	return 2
	fi

	prerequisites_checked=true
	return 0
	}

	audit_installed()
	{
	local rc=0
	local osversion=`sysctl -n kern.osreldate`

	fixedre=`echo -n $portaudit_fixed \| tr -c '[:alnum:]- \t\n' 'x' \| tr -s ' \t\n' '\|'`
	installedre=`$pkg_info -aE \| sed -e 's/-[^-]*$//g' \| paste -s -d '\|' -`

	extract_auditfile \| awk -F\\| "$PRINTAFFECTED_AWK"'
	BEGIN { vul=0; fixedre="'"$fixedre"'" }
	/^(#\|\$)/ { next }
	$2 !~ /'"$opt_restrict"'/ { next }
	$1 ~ /^FreeBSD[<=>!]/ {
	if (fixedre && $2 ~ fixedre) next
	if (!system("'"$pkg_version"' -T \"FreeBSD-'"$osversion"'\" \"" $1 "\"")) {
	print_affected("FreeBSD-'"$osversion"'", \
	"To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf")
	}
	next
	}
	$1 ~ /^[^{}?][<=>!]/ {
	if ($1 !~ "^('"$installedre"')[<=>!]") next;
	}
	{
	cmd="'"$pkg_info"' -E \"" $1 "\""
	while((cmd \| getline pkg) > 0) {
	vul++
	print_affected(pkg, "")
	}
	close(cmd)
	}
	END {
	if ("'$opt_quiet'" == "false") {
	print vul " problem(s) in your installed packages found."
	}
	if (vul > 0) {
	if ("'$opt_quiet'" == "false") {
	print "\nYou are advised to update or deinstall" \
	" the affected package(s) immediately."
	}
	exit(1)
	}
	}
	' \|\| rc=$?

	return $rc
	}

	audit_file()
	{
	local rc=0
	local TMPFILE=

	case "$1" in
	-)
	TMPFILE=`mktemp -t portaudit`
	cat > "$TMPFILE"
	FILE="$TMPFILE"
	;;
	http://\|ftp://\|https://\|file://)
	echo "portaudit: Can't audit remote file $1" >&2
	return 2
	;;
	*)
	if [ -r "$1" ]; then
	FILE="$1"
	else
	echo "portaudit: Can't read $1" >&2
	return 2
	fi
	;;
	esac

	extract_auditfile \| awk -F\\| "$PRINTAFFECTED_AWK"'
	BEGIN { vul=0 }
	/^(#\|\$)/ { next }
	{
	cmd="'"$pkg_version"' -T - \"" $1 "\" <\"'"$FILE"'\""
	while((cmd \| getline pkg) > 0) {
	if ($2 !~ /'"$opt_restrict"'/)
	continue
	vul++
	print_affected(pkg, "")
	}
	close(cmd)
	}
	END {
	print vul " problem(s) found."
	if (vul > 0) {
	exit(1)
	}
	}
	' \|\| rc=$?

	if [ -n "$TMPFILE" ]; then
	rm "$TMPFILE"
	fi
	return $rc
	}

	audit_args()
	{
	local VULCNT=0
	while [ $# -gt 0 ]; do
	case "$1" in
	/*\|-)
	echo "portaudit: $1 is a file, please use the -f option" >&2
	;;
	http://\|ftp://\|https://\|file://)
	echo "portaudit: Can't audit remote file $1" >&2
	;;
	*)
	if VLIST=`extract_auditfile \| awk -F\\| '
	/^(#\|\$)/ { next }
	$2 !~ /'"$opt_restrict"'/ { next }
	{ print }
	' \| $pkg_version -T "$1" -`; then
	VULCNT=$(($VULCNT+1))
	echo "$VLIST" \| awk -F\\| "$PRINTAFFECTED_AWK"'
	{ print_affected("'"$1"'", "") }
	'
	fi
	;;
	esac
	shift
	done
	$opt_quiet \|\| echo "$VULCNT problem(s) found."
	if [ $VULCNT -gt 0 ]; then
	return 1
	fi
	}

	audit_cwd()
	{
	if [ ! -r "Makefile" ]; then
	echo "portaudit: No Makefile here" >&2
	return 2
	fi

	PKGNAME=`make -VPKGNAME 2>/dev/null \|\| true"`

	if [ -z "$PKGNAME" ]; then
	echo "portaudit: Can't determine the package name" >&2
	return 2
	fi

	if VLIST=`extract_auditfile \| awk -F\\| '
	/^(#\|\$)/ { next }
	$2 !~ /'"$opt_restrict"'/ { next }
	{ print }
	' \| $pkg_version -T "$PKGNAME" -`; then
	echo "$VLIST" \| awk -F\\| "$PRINTAFFECTED_AWK"'
	{ print_affected("'"$PKGNAME"'", "") }
	'
	return 1
	fi
	}

	fetch_auditfile()
	{
	local rc=2

	if [ ! -d "$portaudit_dir" ]; then
	if ! mkdir -p "$portaudit_dir"; then
	echo "Couldn't create $portaudit_dir, try running \`portaudit -F' as root" >&2
	return 2
	fi
	fi
	if [ ! -w "$portaudit_dir" ]; then
	echo "Couldn't write to $portaudit_dir, try running \`portaudit -F' as root" >&2
	return 2

	fi
	cd "$portaudit_dir"
	if [ -r "$portaudit_filename" ]; then
	cp -f "$portaudit_filename" "$portaudit_filename.old"
	fi

	$opt_verbose && echo "Attempting to fetch from $portaudit_sites."
	urls=`echo "$portaudit_sites" \| tr -s ' \t' '\n' \| sed -E -e "s/?\$/$portaudit_filename"`

	if ! env $portaudit_fetch_env $portaudit_fetch_cmd $urls; then
	echo "Couldn't fetch database." >&2
	elif [ ! -f "$portaudit_dir/$portaudit_filename" ] ; then
	echo "portaudit: No database." >&2
	elif ! checksum_auditfile; then
	echo "portaudit: Database corrupt." >&2
	elif ! checkexpiry_auditfile 7; then
	echo "portaudit: Database too old." >&2
	else
	$opt_quiet \|\| echo "New database installed."
	rc=0
	break
	fi

	if [ -f "$portaudit_filename.old" ]; then
	if [ $rc -eq 0 ]; then
	rm -f "$portaudit_filename.old"
	else
	mv -f "$portaudit_filename.old" "$portaudit_filename"
	$opt_quiet \|\| echo "Old database restored."
	fi
	fi
	if [ -f "$portaudit_filename" ]; then
	chmod a=r "$portaudit_filename"
	fi

	return $rc
	}

	portaudit_confs

	opt_audit=false
	opt_auditcwd=false
	opt_dbversion=false
	opt_fetch=false
	opt_file=
	opt_quiet=false
	opt_restrict=
	opt_verbose=false
	opt_version=false
	opt_expiry=

	if [ $# -eq 0 ] ; then
	opt_audit=true
	fi

	while getopts aCdf:Fqr:vVX: opt; do
	case "$opt" in
	a)
	opt_audit=true;;
	C)
	opt_auditcwd=true;;
	d)
	opt_dbversion=true;;
	f)
	opt_file="$OPTARG";;
	F)
	opt_fetch=true;;
	q)
	opt_quiet=true;;
	r)
	opt_restrict="$OPTARG";;
	v)
	opt_verbose=true;;
	V)
	opt_version=true;;
	X)
	opt_expiry="$OPTARG";;
	?)
	echo "Usage: $0 -aCdFVvq [-X days] [-r pattern] [-f file] [pkg-name ...]"
	exit 2;;
	esac
	done

	shift $(($OPTIND-1))

	ret=0

	if $opt_version; then
	echo "portaudit version %%PORTVERSION%%"
	fi

	if $opt_fetch; then
	if $opt_quiet ; then
	portaudit_fetch_cmd="${portaudit_fetch_cmd} -q"
	fi

	if ! fetch_auditfile; then
	echo "portaudit: Download failed." >&2
	exit 2
	fi
	elif [ -n "$opt_expiry" ]; then
	if [ ! -r "$portaudit_dir/$portaudit_filename" ] \|\| ! checkexpiry_auditfile "$opt_expiry"; then
	$opt_quiet \|\| echo "Downloading fresh database."
	if ! fetch_auditfile; then
	echo "portaudit: Download failed." >&2
	exit 2
	fi
	ret=1
	fi
	fi

	if $opt_dbversion; then
	if [ ! -f "$portaudit_dir/$portaudit_filename" ]; then
	echo "portaudit: Database missing, run \`portaudit -F' to update." >&2
	exit 2
	fi
	if ! checksum_auditfile; then
	echo "portaudit: Database corrupt." >&2
	exit 2
	fi
	created=`getcreated_auditfile`
	echo "Database created: `date -j -f '%Y-%m-%d %H:%M:%S %Z' \"$created GMT\"`"
	fi

	prerequisites_checked=false

	if $opt_quiet; then
	PRINTAFFECTED_AWK='
	function print_affected(apkg, note) {
	print apkg
	}
	'
	elif $opt_verbose; then
	PRINTAFFECTED_AWK='
	function print_affected(apkg, note) {
	split(apkg, thepkg)
	print "Affected package: " thepkg[1] " (matched by " $1 ")"
	print "Type of problem: " $3 "."
	split($2, ref, / /)
	for (r in ref)
	print "Reference: <" ref[r] ">"
	if (note)
	print "Note: " note
	print ""
	}
	'
	else
	PRINTAFFECTED_AWK='
	function print_affected(apkg, note) {
	split(apkg, thepkg)
	print "Affected package: " thepkg[1]
	print "Type of problem: " $3 "."
	split($2, ref, / /)
	for (r in ref)
	print "Reference: <" ref[r] ">"
	if (note)
	print "Note: " note
	print ""
	}
	'
	fi

	if $opt_audit; then
	portaudit_prerequisites
	audit_installed \|\| ret=$?
	fi

	if $opt_auditcwd; then
	portaudit_prerequisites
	audit_cwd \|\| ret=$?
	fi

	if [ -n "$opt_file" ]; then
	portaudit_prerequisites
	audit_file "$opt_file" \|\| ret=$?
	fi

	if [ $# -gt 0 ]; then
	portaudit_prerequisites
	audit_args "$@" \|\| ret=$?
	fi

	exit $ret

	Property changes on: head/ports-mgmt/portaudit/files/portaudit-cmd.sh
	___________________________________________________________________
	Modified: cvs2svn:cvs-rev
	## -1 +1 ##
	-1.14
	\ No newline at end of property
	+1.15
	\ No newline at end of property
	Index: head/ports-mgmt/portaudit/files/portaudit.1
	===================================================================
	--- head/ports-mgmt/portaudit/files/portaudit.1 (revision 236416)
	+++ head/ports-mgmt/portaudit/files/portaudit.1 (revision 236417)
	@@ -1,175 +1,175 @@
	.\" Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
	.\"
	.\" Redistribution and use in source and binary forms, with or without
	.\" modification, are permitted provided that the following conditions are
	.\" met:
	.\"
	.\" 1. Redistributions of source code must retain the above copyright notice
	.\" this list of conditions and the following disclaimer.
	.\"
	.\" 2. Redistributions in binary form must reproduce the above copyright
	.\" notice, this list of conditions and the following disclaimer in the
	.\" documentation and/or other materials provided with the distribution.
	.\"
	.\" 3. Neither the name of the author nor the names of its contributors may be
	.\" used to endorse or promote products derived from this software without
	.\" specific prior written permission.
	.\"
	.\" THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
	.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
	.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
	.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
	.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
	.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
	.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
	.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
	.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
	.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
	.\"
	.\" $FreeBSD$
	.\"
	-.Dd March 15, 2007
	+.Dd June 21, 2009
	.Os
	.Dt PORTAUDIT \&1 "FreeBSD ports collection"
	.
	.
	.Sh NAME
	.
	.Nm portaudit
	.Nd system to check installed packages for known vulnerabilities
	.
	.
	.Sh SYNOPSIS
	.
	.Nm
	.Op Fl aCdFqvV
	.Op Fl X Ar days
	.Op Fl f Ar file
	.Op Fl r Ar eregex
	.Op Ar pkg-name ...
	.
	.
	.Sh DESCRIPTION
	.
	.Nm
	checks installed packages for known vulnerabilities and generates reports
	including references to security advisories.
	Its intended audience is system administrators and individual users.
	.Pp
	.Nm
	uses a database maintained by port committers and the FreeBSD security team
	to check if security advisories for any installed packages exist.
	Note that a current ports tree (or any local copy of the ports tree) is not
	required for operation.
	.Pp
	This package also installs a script into %%PREFIX%%/etc/periodic/security
	that regularly updates this database and includes a report of vulnerable
	packages in the daily security report.
	.Pp
	If you have a vulnerable package installed, you are advised to update or
	deinstall it immediately.
	.
	.
	.Sh OPTIONS
	.
	The following options are supported:
	.Bl -tag -width ".Fl X"
	.It Fl a
	Print a vulnerability report for all installed packages.
	.It Fl C
	Print a vulnerability report for the port in the current working directory.
	Mostly useful for port developers.
	.It Fl d
	Print the creation date of the database.
	.It Fl F
	Fetch the current database from the
	.Fx
	servers.
	.It Fl q
	Quiet mode.
	.It Fl V
	Show
	.Nm
	version number.
	.It Fl v
	Verbose mode.
	.It Fl X Ar days
	Download a fresh database when the local is at least
	.Ar days
	old.
	.It Fl f Ar file
	Check the packages listed in
	.Ar file
	for known vulnerabilities.
	.It Fl r Ar eregex
	Restrict listed vulnerabilities to those where a reference matches
	.Xr egrep 1
	pattern
	.Ar eregex .
	Useful to test new entries.
	.It Ar pkg-name ...
	Test whether
	.Ar pkg-name
	is listed in the audit database.
	.El
	.Pp
	If no options are given,
	.Nm
	prints a vulnerability report for all installed packages.
	.
	.
	.Sh EXAMPLES
	.
	.Bl -item
	.It
	Fetch the current database and print its creation date:
	.Pp
	.Dl "portaudit -Fd"
	.It
	Print a vulnerability report for all installed packages:
	.Pp
	.Dl "portaudit -a"
	.It
	Print a vulnerability report for a remote machine:
	.Pp
	.Dl "ssh remote.example pkg_info \| awk '{ print $1 }' \| xargs portaudit"
	.It
	Print a vulnerability report for the local INDEX:
	.Pp
	.Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%"
	.It
	Print a vulnerability report for the current set of prebuild packages:
	.Pp
	.Dl "curl -l ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ \| sed -n -e 's/\.t[bg]z[[:cntrl:]]*$//p' \| portaudit -f -"
	.El
	.
	.
	.Sh FILES
	.
	.Pa %%PREFIX%%/etc/portaudit.conf ,
	.Pa %%DATABASEDIR%%/auditfile.tbz
	.
	.
	.Sh SEE ALSO
	.
	.Xr ports 7 ,
	.Xr periodic.conf 5 ,
	-.Pa http://www.FreeBSD.org/ports/portaudit/ ,
	+.Pa http://portaudit.FreeBSD.org/ ,
	.Pa http://www.FreeBSD.org/security/#adv ,
	.Pa http://VuXML.FreeBSD.org/ .
	.
	.
	.Sh BUGS
	.
	Sure to be some.
	.
	.
	.Sh AUTHOR
	.
	.An Oliver Eikemeier Aq eik@FreeBSD.org
	.
	.
	.Sh HISTORY
	.
	Package auditing first appeared in
	.Nx 1.4.3 .

	Property changes on: head/ports-mgmt/portaudit/files/portaudit.1
	___________________________________________________________________
	Modified: cvs2svn:cvs-rev
	## -1 +1 ##
	-1.8
	\ No newline at end of property
	+1.9
	\ No newline at end of property
	Index: head/ports-mgmt/portaudit/files/portaudit.conf
	===================================================================
	--- head/ports-mgmt/portaudit/files/portaudit.conf (revision 236416)
	+++ head/ports-mgmt/portaudit/files/portaudit.conf (revision 236417)
	@@ -1,19 +1,19 @@
	#
	# Sample configuration file for portaudit(1)
	#
	# copy to %%PREFIX%%/etc/portaudit.conf
	#
	# $FreeBSD$
	#

	# specify a proxy if needed, see fetch(3)
	#portaudit_fetch_env="FTP_PROXY=http://ftp.proxy.sample/ HTTP_PROXY=http://http.proxy.sample:80/"

	# default fetch command
	#portaudit_fetch_cmd="fetch -1amp"

	# specify a local mirror that generates databases with portaudit-db here
	-#portaudit_sites="http://www.FreeBSD.org/ports/"
	+#portaudit_sites="http://portaudit.FreeBSD.org/"

	# this vulnerability has been fixed in your FreeBSD version
	#portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d"

	Property changes on: head/ports-mgmt/portaudit/files/portaudit.conf
	___________________________________________________________________
	Modified: cvs2svn:cvs-rev
	## -1 +1 ##
	-1.6
	\ No newline at end of property
	+1.7
	\ No newline at end of property

File Metadata

Mime Type: application/octet-stream
Expires: Sun, Mar 1, 3:36 AM (2 d)
Storage Engine: blob
Storage Format: Raw Data
Storage Handle: 29050596
Default Alt Text: (20 KB)

No OneTemporaryActions

View Options

File Metadata

Event Timeline

No OneTemporary
Actions