From: Jason Helfman Date: Fri, 27 Mar 2015 18:55:31 +0000 (UTC) To: doc-committers@freebsd.org, svn-doc-all@freebsd.org, svn-doc-head@freebsd.org Subject: svn commit: r46387 - in head/en_US.ISO8859-1/books/handbook: ports security X-SVN-Group: doc-head MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-doc-all@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: "SVN commit messages for the entire doc trees \(except for " user" , " projects" , and " translations" \)" List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 27 Mar 2015 18:55:32 -0000 Author: jgh Date: Fri Mar 27 18:55:30 2015 New Revision: 46387 URL: https://svnweb.freebsd.org/changeset/doc/46387 Log: - remove portaudit references, as it is no longer in the Ports Collection Differential Revision: https://reviews.freebsd.org/D1303 Approved by: wblock (mentor) Modified: head/en_US.ISO8859-1/books/handbook/ports/chapter.xml head/en_US.ISO8859-1/books/handbook/security/chapter.xml Modified: head/en_US.ISO8859-1/books/handbook/ports/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 16:07:35 2015 (r46386) +++ head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 18:55:30 2015 (r46387) 
@@ -197,15 +197,11 @@ &a.ports; and the &a.ports-bugs;. - Before installing any application, check http://vuxml.freebsd.org/ - for security issues related to the application or install - ports-mgmt/portaudit. Once installed, type - portaudit -F -a to check all installed - applications for known vulnerabilities. When - pkg is being used the audit - functionality is built in. Execute pkg audit - -F to get a report on vulnerable packages. + Before installing any application, check + for security issues related to the application or type + pkg audit -F to check all installed + applications for known vulnerabilities. The remainder of this chapter explains how to use packages @@ -1116,16 +1112,13 @@ Deinstalling ca_root_nss-3.15.1_1... don Collection as described in the previous section. Since the installation of any third-party software can introduce security vulnerabilities, it is recommended to first check - http://vuxml.freebsd.org/ + for known security issues related to the port. Alternately, - if ports-mgmt/portaudit is installed, run - portaudit -F before installing a new + run pkg audit -F before installing a new port. This command can be configured to automatically perform a security audit and an update of the vulnerability database during the daily security system check. For more - information, refer to the manual page for - portaudit and + information, refer to &man.pkg-audit.8; and &man.periodic.8;. Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml ============================================================================== --- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 16:07:35 2015 (r46386) +++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 18:55:30 2015 (r46387) @@ -78,7 +78,7 @@ - How to use portaudit to audit + How to use pkg to audit third party software packages installed from the Ports Collection. 
@@ -3091,7 +3091,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10 - + Monitoring Third Party Security Issues @@ -3102,7 +3102,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10 - portaudit + pkg In recent years, the security world has made many 
@@ -3117,48 +3117,37 @@ drwxr-xr-x 2 robert robert 512 Nov 10 capability. There is a way to mitigate third party vulnerabilities and warn administrators of known security issues. A &os; add on utility known as - portaudit exists solely for this - purpose. + pkg includes options explicitly for + this purpose. - The - ports-mgmt/portaudit - port polls a database, which is updated and maintained by the - &os; Security Team and ports developers, for known security - issues. - - To install portaudit from the - Ports Collection: - - &prompt.root; cd /usr/ports/ports-mgmt/portaudit && make install clean - - During the installation, the configuration files for - &man.periodic.8; will be updated, permitting - portaudit output in the daily - security runs. Ensure that the daily security run emails, which - are sent to root's - email account, are being read. No other configuration is - required. - - After installation, an administrator can update the - database and view known vulnerabilities in installed packages - by invoking the following command: + pkg polls a database for security + issues. The database is updated and maintained by the &os; Security + Team and ports developers. + + Please refer to for + instructions on installing + pkg. + + Installation provides &man.periodic.8; configuration files + for maintaining the pkg audit + database, and provides a programmatic method of keeping it + updated. This functionality is enabled if + daily_status_security_pkgaudit_enable + is set to YES in &man.periodic.conf.5;. + Ensure that daily security run emails, which are sent to + root's email account, + are being read. + + After installation, and to audit third party utilities as + part of the Ports Collection at any time, an administrator may + choose to update the database and view known vulnerabilities + of installed packages by invoking: - &prompt.root; portaudit -Fda + &prompt.root; pkg audit -F - - The database is automatically updated during the - &man.periodic.8; run. 
The above command is optional and can - be used to manually update the database now. - - - To audit the third party utilities installed as part of - the Ports Collection at anytime, an administrator can run the - following command: - - &prompt.root; portaudit -a - - portaudit will display messages - for any installed vulnerable packages: + pkg displays messages + any published vulnerabilities in installed packages: Affected package: cups-base-1.1.22.0_1 Type of problem: cups-base -- HPGL buffer overflow vulnerability. @@ -3174,9 +3163,9 @@ You are advised to update or deinstall t versions affected, by &os; port version, along with other web sites which may contain security advisories. - portaudit is a powerful utility - and is extremely useful when coupled with the - portmaster port. + pkg is a powerful utility + and is extremely useful when coupled with + ports-mgmt/portmaster.
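Review bot: In the ports/chapter.xml hunk at @@ -197, the new sentence opens with "Before installing any application" but the command it offers, pkg audit -F, is described in the same sentence as checking "all installed applications", so it tells the reader nothing about the application that is about to be installed. Suggest splitting the sentence: keep the VuXML lookup as the pre-install step and present pkg audit -F as the check for what is already on the system.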
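Review bot: In the ports/chapter.xml hunk at @@ -1116, "This command can be configured to automatically perform a security audit and an update of the vulnerability database during the daily security system check" still does not say how. The security/chapter.xml hunk at @@ -3117 in this same commit names the setting, daily_status_security_pkgaudit_enable in &man.periodic.conf.5;, so name it here as well or point to that section. Minor, on the adjacent context line: "Alternately" should read "Alternatively".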
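Review bot: In the security/chapter.xml hunk at @@ -3117, the added line "pkg displays messages any published vulnerabilities in installed packages:" is missing a word and should read "displays messages for any published vulnerabilities". The sample output that follows it (Affected package: cups-base-1.1.22.0_1 ...) is unchanged context carried over from the portaudit text, so please confirm it matches what pkg audit -F prints, or regenerate it. Earlier in the same hunk, "A &os; add on utility known as pkg" keeps the portaudit wording, while the text this commit removes from ports/chapter.xml described the audit functionality as built in to pkg; the two descriptions should agree.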