From owner-svn-doc-head@FreeBSD.ORG Fri Mar 27 18:55:32 2015
Return-Path: <owner-svn-doc-head@FreeBSD.ORG>
Delivered-To: svn-doc-head@freebsd.org
Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115])
(using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits))
(No client certificate requested)
by hub.freebsd.org (Postfix) with ESMTPS id 3005B4E3;
Fri, 27 Mar 2015 18:55:32 +0000 (UTC)
Received: from svn.freebsd.org (svn.freebsd.org
[IPv6:2001:1900:2254:2068::e6a:0])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(Client did not present a certificate)
by mx1.freebsd.org (Postfix) with ESMTPS id 10C41376;
Fri, 27 Mar 2015 18:55:32 +0000 (UTC)
Received: from svn.freebsd.org ([127.0.1.70])
by svn.freebsd.org (8.14.9/8.14.9) with ESMTP id t2RItVmE014557;
Fri, 27 Mar 2015 18:55:31 GMT (envelope-from jgh@FreeBSD.org)
Received: (from jgh@localhost)
by svn.freebsd.org (8.14.9/8.14.9/Submit) id t2RItVFA014555;
Fri, 27 Mar 2015 18:55:31 GMT (envelope-from jgh@FreeBSD.org)
Message-Id: <201503271855.t2RItVFA014555@svn.freebsd.org>
X-Authentication-Warning: svn.freebsd.org: jgh set sender to jgh@FreeBSD.org
using -f
From: Jason Helfman <jgh@FreeBSD.org>
Date: Fri, 27 Mar 2015 18:55:31 +0000 (UTC)
To: doc-committers@freebsd.org, svn-doc-all@freebsd.org,
svn-doc-head@freebsd.org
Subject: svn commit: r46387 - in head/en_US.ISO8859-1/books/handbook: ports
security
X-SVN-Group: doc-head
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
X-BeenThere: svn-doc-head@freebsd.org
X-Mailman-Version: 2.1.18-1
Precedence: list
List-Id: SVN commit messages for the doc tree for head
<svn-doc-head.freebsd.org>
List-Unsubscribe: <http://lists.freebsd.org/mailman/options/svn-doc-head>,
<mailto:svn-doc-head-request@freebsd.org?subject=unsubscribe>
List-Archive: <http://lists.freebsd.org/pipermail/svn-doc-head/>
List-Post: <mailto:svn-doc-head@freebsd.org>
List-Help: <mailto:svn-doc-head-request@freebsd.org?subject=help>
List-Subscribe: <http://lists.freebsd.org/mailman/listinfo/svn-doc-head>,
<mailto:svn-doc-head-request@freebsd.org?subject=subscribe>
X-List-Received-Date: Fri, 27 Mar 2015 18:55:32 -0000
Author: jgh
Date: Fri Mar 27 18:55:30 2015
New Revision: 46387
URL: https://svnweb.freebsd.org/changeset/doc/46387
Log:
- remove portaudit references, as it is no longer in the Ports Collection
Differential Revision: https://reviews.freebsd.org/D1303
Approved by: wblock (mentor)
Modified:
head/en_US.ISO8859-1/books/handbook/ports/chapter.xml
head/en_US.ISO8859-1/books/handbook/security/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/ports/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 16:07:35 2015 (r46386)
+++ head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 18:55:30 2015 (r46387)
@@ -197,15 +197,11 @@
&a.ports; and the &a.ports-bugs;.</para>
<warning>
- <para>Before installing any application, check <uri
- xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
- for security issues related to the application or install
- <package>ports-mgmt/portaudit</package>. Once installed, type
- <command>portaudit -F -a</command> to check all installed
- applications for known vulnerabilities. When
- <application>pkg</application> is being used the audit
- functionality is built in. Execute <command>pkg audit
- -F</command> to get a report on vulnerable packages.</para>
+ <para>Before installing any application, check <link
+ xlink:href="http://vuxml.freebsd.org/"></link>
+ for security issues related to the application or type
+ <command>pkg audit -F</command> to check all installed
+ applications for known vulnerabilities.</para>
</warning>
<para>The remainder of this chapter explains how to use packages
@@ -1116,16 +1112,13 @@ Deinstalling ca_root_nss-3.15.1_1... don
Collection as described in the previous section. Since
the installation of any third-party software can introduce
security vulnerabilities, it is recommended to first check
- <uri
- xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
+ <link xlink:href="http://vuxml.freebsd.org/"></link>
for known security issues related to the port. Alternately,
- if <package>ports-mgmt/portaudit</package> is installed, run
- <command>portaudit -F</command> before installing a new
+ run <command>pkg audit -F</command> before installing a new
port. This command can be configured to automatically
perform a security audit and an update of the vulnerability
database during the daily security system check. For more
- information, refer to the manual page for
- <application>portaudit</application> and
+ information, refer to &man.pkg-audit.8; and
&man.periodic.8;.</para>
</warning>
Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 16:07:35 2015 (r46386)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 18:55:30 2015 (r46387)
@@ -78,7 +78,7 @@
</listitem>
<listitem>
- <para>How to use <application>portaudit</application> to audit
+ <para>How to use <application>pkg</application> to audit
third party software packages installed from the Ports
Collection.</para>
</listitem>
@@ -3091,7 +3091,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10
</sect2>
</sect1>
- <sect1 xml:id="security-portaudit">
+ <sect1 xml:id="security-pkg">
<info>
<title>Monitoring Third Party Security Issues</title>
@@ -3102,7 +3102,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10
</info>
<indexterm>
- <primary>portaudit</primary>
+ <primary>pkg</primary>
</indexterm>
<para>In recent years, the security world has made many
@@ -3117,48 +3117,37 @@ drwxr-xr-x 2 robert robert 512 Nov 10
capability. There is a way to mitigate third party
vulnerabilities and warn administrators of known security
issues. A &os; add on utility known as
- <application>portaudit</application> exists solely for this
- purpose.</para>
+ <application>pkg</application> includes options explicitly for
+ this purpose.</para>
- <para>The
- <package>ports-mgmt/portaudit</package>
- port polls a database, which is updated and maintained by the
- &os; Security Team and ports developers, for known security
- issues.</para>
-
- <para>To install <application>portaudit</application> from the
- Ports Collection:</para>
-
- <screen>&prompt.root; <userinput>cd /usr/ports/ports-mgmt/portaudit && make install clean</userinput></screen>
-
- <para>During the installation, the configuration files for
- &man.periodic.8; will be updated, permitting
- <application>portaudit</application> output in the daily
- security runs. Ensure that the daily security run emails, which
- are sent to <systemitem class="username">root</systemitem>'s
- email account, are being read. No other configuration is
- required.</para>
-
- <para>After installation, an administrator can update the
- database and view known vulnerabilities in installed packages
- by invoking the following command:</para>
+ <para><application>pkg</application> polls a database for security
+ issues. The database is updated and maintained by the &os; Security
+ Team and ports developers.</para>
+
+ <para>Please refer to <link
+ xlink:href="&url.books.handbook;/pkgng-intro.html"></link> for
+ instructions on installing
+ <application>pkg</application>.</para>
+
+ <para>Installation provides &man.periodic.8; configuration files
+ for maintaining the <application>pkg</application> audit
+ database, and provides a programmatic method of keeping it
+ updated. This functionality is enabled if
+ <literal>daily_status_security_pkgaudit_enable</literal>
+ is set to <literal>YES</literal> in &man.periodic.conf.5;.
+ Ensure that daily security run emails, which are sent to
+ <systemitem class="username">root</systemitem>'s email account,
+ are being read.</para>
+
+ <para>After installation, and to audit third party utilities as
+ part of the Ports Collection at any time, an administrator may
+ choose to update the database and view known vulnerabilities
+ of installed packages by invoking:</para>
- <screen>&prompt.root; <userinput>portaudit -Fda</userinput></screen>
+ <screen>&prompt.root; <userinput>pkg audit -F</userinput></screen>
- <note>
- <para>The database is automatically updated during the
- &man.periodic.8; run. The above command is optional and can
- be used to manually update the database now.</para>
- </note>
-
- <para>To audit the third party utilities installed as part of
- the Ports Collection at anytime, an administrator can run the
- following command:</para>
-
- <screen>&prompt.root; <userinput>portaudit -a</userinput></screen>
-
- <para><application>portaudit</application> will display messages
- for any installed vulnerable packages:</para>
+ <para><application>pkg</application> displays messages
+ any published vulnerabilities in installed packages:</para>
<programlisting>Affected package: cups-base-1.1.22.0_1
Type of problem: cups-base -- HPGL buffer overflow vulnerability.
@@ -3174,9 +3163,9 @@ You are advised to update or deinstall t
versions affected, by &os; port version, along with other web
sites which may contain security advisories.</para>
- <para><application>portaudit</application> is a powerful utility
- and is extremely useful when coupled with the
- <application>portmaster</application> port.</para>
+ <para><application>pkg</application> is a powerful utility
+ and is extremely useful when coupled with
+ <package>ports-mgmt/portmaster</package>.</para>
</sect1>
<sect1 xml:id="security-advisories">