Date: Wed, 1 Mar 2006 14:31:55 -0800 (PST)
From: Chris Maness
To: Randy Pratt
Cc: freebsd-questions@freebsd.org
Subject: Re: Tracking Security in Ports and Base System

On Wed, 1 Mar 2006, Randy Pratt wrote:

> On Wed, 1 Mar 2006 10:09:51 -0800 (PST)
> chris@chrismaness.com wrote:
>
>>> On Wed, 8 Feb 2006, Chris Maness wrote:
>>>
>>>> How should I set up cvsup to just track security updates for ports. And
>>>> would the best thing to do after I synced CVS, do portupgrade -a so
>>>> that everything selected gets rebuilt.
>>>
>>> I'm not sure there is a way to do this for ports, other than manually
>>> checking what's been changed and whether you consider that to be a
>>> security upgrade, then upgrading each applicable port by hand. As far as
>>> I understand, there is only one tag for ports ("tag=."), which gets you
>>> the "current" ports tree. I *can* guarantee that others know more about
>>> this than I do.
>
> There is a port which does this for you (security/portaudit):
>
>     portaudit provides a system to check if installed ports are
>     listed in a database of published security vulnerabilities.
>
>     After installation it will update this security database
>     automatically and include its reports in the output of the
>     daily security run.
>
>>>> What is the equivalent for the base system?
>>>
>>> Much simpler: just track RELENG_your_release to get security updates and
>>> bug fixes and nothing else. For example, mine is RELENG_5_4 and
>>> therefore tracks 5.4-RELEASE.
>
> Additionally, I'd suggest subscribing to one of these mailing lists so
> that you are notified when a SA is issued:
>
>     security-advisories@freebsd.org
>     freebsd-announce@freebsd.org
>
> HTH,
>
> Randy
> --
>

Thanks, I do have port audit installed. I was referring to system security. The base system + FreeBSD userland. I wanted to do this because I did get a notice from the security list today. Do I do a make buildworld, to update the system? Do I do this in /usr/src?