version 1.4, 2008/01/13 22:31:25 |
version 1.4.4.1, 2009/02/02 11:55:15 |
Line 6 it remains current. This may be done by |
|
Line 6 it remains current. This may be done by |
|
to a user's crontab(5) entry. For example the entry |
to a user's crontab(5) entry. For example the entry |
|
|
# download vulnerabilities file |
# download vulnerabilities file |
0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1 |
0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 |
|
|
will update the vulnerability list every day at 3AM. You may wish to do |
will update the vulnerability list every day at 3AM. You may wish to do |
this more often than once a day. |
this more often than once a day. |
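Review bot: The new crontab entry "0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1" keeps the "2>&1" from the 1.4 line, so both stdout and stderr are discarded and cron has nothing to mail when a fetch fails. A vulnerability list that silently stops updating makes later audits look clean when they are not. Suggest showing the entry with only ">/dev/null" so error output still reaches the crontab owner, or stating in the text that failures are suppressed by this example.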
Line 15 In addition, you may wish to run the pac |
|
Line 15 In addition, you may wish to run the pac |
|
security script. This may be accomplished by adding the following |
security script. This may be accomplished by adding the following |
lines to /etc/security.local |
lines to /etc/security.local |
|
|
if [ -x ${PREFIX}/sbin/audit-packages ]; then |
if [ -x ${PREFIX}/sbin/pkg_admin ]; then |
${PREFIX}/sbin/audit-packages |
${PREFIX}/sbin/pkg_admin audit |
fi |
fi |
|
|
Alternatively this can also be acomplished by adding an entry to a user's |
Alternatively this can also be acomplished by adding an entry to a user's |
crontab(5) file. e.g.: |
crontab(5) file. e.g.: |
|
|
# run audit-packages |
# run audit-packages |
0 3 * * * ${PREFIX}/sbin/audit-packages |
0 3 * * * ${PREFIX}/sbin/pkg_admin audit |
|
|
audit-packages and/or download-vulnerability-list need not be run by |
Both pkg_admin subcommands can be run as as an unprivileged user, |
the root user. They will function as an unprivileged user, as long |
as long as the user chosen has permission to read the pkgdb and to write |
as the user chosen has permission to write the pkg-vulnerabilites |
the pkg-vulnerabilites to ${PKGVULNDIR}. |
to ${PKGVULNDIR}. |
|
|
The behavior of pkg_admin and pkg_add can be customised with |
A sample audit-packages.conf has been installed to: |
pkg_install.conf. Please see pkg_install.conf(5) for details. |
|
|
${EGDIR}/audit-packages.conf |
If you want to use GPG signature verification you will need to install |
|
GnuPG and set the path for GPG appropriately in your pkg_install.conf. |
You may want to customise this file and copy it to |
|
${PKG_SYSCONFDIR}/audit-packages.conf. |
|
If you want to use signature verification you will need to install GnuPG and |
|
set the path for GPG appropriately in your audit-packages.conf. See |
|
audit-packages.conf(5) and audit-packages(8) for further information. |
|
=========================================================================== |
=========================================================================== |
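Review bot: The second crontab example in the new text still has the comment "# run audit-packages" above "0 3 * * * ${PREFIX}/sbin/pkg_admin audit"; the comment should name pkg_admin audit so it matches the command the reader is told to install. In the same hunk, the new sentence "Both pkg_admin subcommands can be run as as an unprivileged user" has a doubled "as", and "acomplished" and "pkg-vulnerabilites" are carried over misspelled from 1.4. The new GPG paragraph tells the reader to "set the path for GPG appropriately in your pkg_install.conf" without a pointer to where the setting is documented; repeating the pkg_install.conf(5) reference from the preceding paragraph there would close that gap.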