=========================================================================== $NetBSD: MESSAGE,v 1.7 2017/01/09 07:01:33 sevan Exp $ You may wish to have the vulnerabilities file downloaded daily so that it remains current. This may be done by adding an appropriate entry to the root users crontab(5) entry. For example the entry # Download vulnerabilities file 0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 # Audit the installed packages and email results to root 9 3 * * * ${PREFIX}/sbin/pkg_admin audit |mail -s "Installed package audit result" \ root >/dev/null 2>&1 will update the vulnerability list every day at 3AM, followed by an audit at 3:09AM. The result of the audit are then emailed to root. On NetBSD this may be accomplished instead by adding the following line to /etc/daily.conf: fetch_pkg_vulnerabilities=YES to fetch the vulnerability list from the daily security script. The system is set to audit the packages by default but can be set explicitly, if desired (not required), by adding the follwing line to /etc/security.conf: check_pkg_vulnerabilities=YES Both pkg_admin subcommands can be run as as an unprivileged user, as long as the user chosen has permission to read the pkgdb and to write the pkg-vulnerabilities to ${PKGVULNDIR}. The behavior of pkg_admin and pkg_add can be customised with pkg_install.conf. Please see pkg_install.conf(5) for details. If you want to use GPG signature verification you will need to install GnuPG and set the path for GPG appropriately in your pkg_install.conf. ===========================================================================