Date: Fri, 27 Mar 2015 18:55:31 +0000 (UTC) From: Jason Helfman <jgh@FreeBSD.org> To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r46387 - in head/en_US.ISO8859-1/books/handbook: ports security Message-ID: <201503271855.t2RItVFA014555@svn.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: jgh Date: Fri Mar 27 18:55:30 2015 New Revision: 46387 URL: https://svnweb.freebsd.org/changeset/doc/46387 Log: - remove portaudit references, as it is no longer in the Ports Collection Differential Revision: https://reviews.freebsd.org/D1303 Approved by: wblock (mentor) Modified: head/en_US.ISO8859-1/books/handbook/ports/chapter.xml head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/ports/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 16:07:35 2015 (r46386) +++ head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 18:55:30 2015 (r46387) @@ -197,15 +197,11 @@ &a.ports; and the &a.ports-bugs;.</para> <warning> - <para>Before installing any application, check <uri - xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>; - for security issues related to the application or install - <package>ports-mgmt/portaudit</package>. Once installed, type - <command>portaudit -F -a</command> to check all installed - applications for known vulnerabilities. When - <application>pkg</application> is being used the audit - functionality is built in. Execute <command>pkg audit - -F</command> to get a report on vulnerable packages.</para> + <para>Before installing any application, check <link + xlink:href="http://vuxml.freebsd.org/"></link>; + for security issues related to the application or type + <command>pkg audit -F</command> to check all installed + applications for known vulnerabilities.</para> </warning> <para>The remainder of this chapter explains how to use packages @@ -1116,16 +1112,13 @@ Deinstalling ca_root_nss-3.15.1_1... don Collection as described in the previous section. Since the installation of any third-party software can introduce security vulnerabilities, it is recommended to first check - <uri - xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>; + <link xlink:href="http://vuxml.freebsd.org/"></link>; for known security issues related to the port. Alternately, - if <package>ports-mgmt/portaudit</package> is installed, run - <command>portaudit -F</command> before installing a new + run <command>pkg audit -F</command> before installing a new port. This command can be configured to automatically perform a security audit and an update of the vulnerability database during the daily security system check. For more - information, refer to the manual page for - <application>portaudit</application> and + information, refer to &man.pkg-audit.8; and &man.periodic.8;.</para> </warning> Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 16:07:35 2015 (r46386) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 18:55:30 2015 (r46387) @@ -78,7 +78,7 @@ </listitem> <listitem> - <para>How to use <application>portaudit</application> to audit + <para>How to use <application>pkg</application> to audit third party software packages installed from the Ports Collection.</para> </listitem> @@ -3091,7 +3091,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10 </sect2> </sect1> - <sect1 xml:id="security-portaudit"> + <sect1 xml:id="security-pkg"> <info> <title>Monitoring Third Party Security Issues</title> @@ -3102,7 +3102,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10 </info> <indexterm> - <primary>portaudit</primary> + <primary>pkg</primary> </indexterm> <para>In recent years, the security world has made many @@ -3117,48 +3117,37 @@ drwxr-xr-x 2 robert robert 512 Nov 10 capability. There is a way to mitigate third party vulnerabilities and warn administrators of known security issues. A &os; add on utility known as - <application>portaudit</application> exists solely for this - purpose.</para> + <application>pkg</application> includes options explicitly for + this purpose.</para> - <para>The - <package>ports-mgmt/portaudit</package> - port polls a database, which is updated and maintained by the - &os; Security Team and ports developers, for known security - issues.</para> - - <para>To install <application>portaudit</application> from the - Ports Collection:</para> - - <screen>&prompt.root; <userinput>cd /usr/ports/ports-mgmt/portaudit && make install clean</userinput></screen> - - <para>During the installation, the configuration files for - &man.periodic.8; will be updated, permitting - <application>portaudit</application> output in the daily - security runs. Ensure that the daily security run emails, which - are sent to <systemitem class="username">root</systemitem>'s - email account, are being read. No other configuration is - required.</para> - - <para>After installation, an administrator can update the - database and view known vulnerabilities in installed packages - by invoking the following command:</para> + <para><application>pkg</application> polls a database for security + issues. The database is updated and maintained by the &os; Security + Team and ports developers.</para> + + <para>Please refer to <link + xlink:href="&url.books.handbook;/pkgng-intro.html"></link> for + instructions on installing + <application>pkg</application>.</para> + + <para>Installation provides &man.periodic.8; configuration files + for maintaining the <application>pkg</application> audit + database, and provides a programmatic method of keeping it + updated. This functionality is enabled if + <literal>daily_status_security_pkgaudit_enable</literal> + is set to <literal>YES</literal> in &man.periodic.conf.5;. + Ensure that daily security run emails, which are sent to + <systemitem class="username">root</systemitem>'s email account, + are being read.</para> + + <para>After installation, and to audit third party utilities as + part of the Ports Collection at any time, an administrator may + choose to update the database and view known vulnerabilities + of installed packages by invoking:</para> - <screen>&prompt.root; <userinput>portaudit -Fda</userinput></screen> + <screen>&prompt.root; <userinput>pkg audit -F</userinput></screen> - <note> - <para>The database is automatically updated during the - &man.periodic.8; run. The above command is optional and can - be used to manually update the database now.</para> - </note> - - <para>To audit the third party utilities installed as part of - the Ports Collection at anytime, an administrator can run the - following command:</para> - - <screen>&prompt.root; <userinput>portaudit -a</userinput></screen> - - <para><application>portaudit</application> will display messages - for any installed vulnerable packages:</para> + <para><application>pkg</application> displays messages + any published vulnerabilities in installed packages:</para> <programlisting>Affected package: cups-base-1.1.22.0_1 Type of problem: cups-base -- HPGL buffer overflow vulnerability. @@ -3174,9 +3163,9 @@ You are advised to update or deinstall t versions affected, by &os; port version, along with other web sites which may contain security advisories.</para> - <para><application>portaudit</application> is a powerful utility - and is extremely useful when coupled with the - <application>portmaster</application> port.</para> + <para><application>pkg</application> is a powerful utility + and is extremely useful when coupled with + <package>ports-mgmt/portmaster</package>.</para> </sect1> <sect1 xml:id="security-advisories">
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?201503271855.t2RItVFA014555>