Date: Wed, 1 Mar 2006 14:31:55 -0800 (PST) From: Chris Maness <chris@chrismaness.com> To: Randy Pratt <bsd-unix@comcast.net> Cc: freebsd-questions@freebsd.org Subject: Re: Tracking Security in Ports and Base System Message-ID: <20060301142822.O90298@ns1.internetinsite.com> In-Reply-To: <20060301143752.aafe3226.bsd-unix@comcast.net> References: <43EA9782.7060708@chrismaness.com> <20060208203027.H73762@tripel.monochrome.org> <50124.67.126.165.122.1141236591.squirrel@squirrel.kq6up.org> <20060301143752.aafe3226.bsd-unix@comcast.net>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 1 Mar 2006, Randy Pratt wrote:
> On Wed, 1 Mar 2006 10:09:51 -0800 (PST)
> chris@chrismaness.com wrote:
>
>>> On Wed, 8 Feb 2006, Chris Maness wrote:
>>>
>>>> How should I set up cvsup to just track security updates for ports. And
>> would the best thing to do after I synced CVS, do portupgrade -a so
>> that everything selected gets rebuilt.
>>>
>>> I'm not sure there is a way to do this for ports, other than manually
>> checking what's been changed and whether you consider that to be a
>> security upgrade, then upgrading each applicable port by hand. As far as
>> I understand, there is only one tag for ports ("tag=."), which gets you
>> the "current" ports tree. I *can* guarantee that others know more about
>> this than I do.
>
> There is a port which does this for you (security/portaudit):
>
> portaudit provides a system to check if installed ports are
> listed in a database of published security vulnerabilities.
>
> After installation it will update this security database
> automatically and include its reports in the output of the
> daily security run.
>
>>>> What is the equivalent for the base system?
>>>
>>> Much simpler: just track RELENG_your_release to get security updates and
>> bug fixes and nothing else. For example, mine is RELENG_5_4 and
>>> therefore tracks 5.4-RELEASE.
>
> Additionally, I'd suggest subscribing to one of these mailing list so
> that you are notified when a SA is issued:
>
> security-advisories@freebsd.org
> freebsd-announce@freebsd.org
>
> HTH,
>
> Randy
> --
>
Thanks, I do have port audit installed. I was refering to system
security. The base system + FreeBSD userland. I wanted to do this
because I did get a notice from the security list today. Do I do a make
buildworld, to update the system? Do I do this in /usr/src ?
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20060301142822.O90298>