Path to this page:
./
security/audit-packages,
Tools to show vulnerabilities in installed packages
Branch: pkgsrc-2007Q3,
Version: 1.46,
Package name: audit-packages-1.46,
Maintainer: agcThe audit-packages tools provide two scripts:
(1) download-vulnerability-list, an easy way to download a list of
security vulnerabilities which have been published. This list is kept
up to date by the NetBSD security officer. It is held at the
well-known URL:
ftp://ftp.NetBSD.org/pub/NetBSD/packages/distfiles/vulnerabilities
(2) audit-packages, an easy way to audit the current machine, checking
each vulnerability listed by the security officer. If a vulnerable
package is installed, it will be shown by output to stdout.
MESSAGE.DragonFly [+/-]===========================================================================
$NetBSD: MESSAGE.DragonFly,v 1.2 2006/03/02 18:31:49 joerg Exp $
You may wish to have the vulnerabilities file downloaded daily so that
it remains current. This may be done by adding an appropriate entry
to the root users crontab(5) entry. For example the entry
# download vulnerabilities file
0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1
will update the vulnerability list every day at 3AM. You may wish to do
this more often than once a day.
In addition, you may wish to run the package audit from the daily
security script. This may be accomplished by adding the following
lines to /etc/periodic/security/NNN.audit-packages, where NNN is a
number specifying the order of execution.
if [ -x ${PREFIX}/sbin/audit-packages ]; then
${PREFIX}/sbin/audit-packages
fi
===========================================================================
Version history: (Expand)
- (2007-11-10) Package added to pkgsrc.se, version audit-packages-1.46 (created)