|
Lines 78-85
|
| 78 |
</listitem> |
78 |
</listitem> |
| 79 |
|
79 |
|
| 80 |
<listitem> |
80 |
<listitem> |
| 81 |
<para>How to use <application>portaudit</application> to audit |
81 |
<para>How to use <application>pkg audit</application> to audit |
| 82 |
third party software packages installed from the Ports |
82 |
third pary software packages installed from the Ports |
| 83 |
Collection.</para> |
83 |
Collection.</para> |
| 84 |
</listitem> |
84 |
</listitem> |
| 85 |
|
85 |
|
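Review bot: New line 82 introduces a typo, "third pary"; the old line read "third party". Restore the spelling while keeping the `portaudit` to `pkg audit` change on line 81.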
|
Lines 3100-3106
|
| 3100 |
</info> |
3100 |
</info> |
| 3101 |
|
3101 |
|
| 3102 |
<indexterm> |
3102 |
<indexterm> |
| 3103 |
<primary>portaudit</primary> |
3103 |
<primary>pkg audit</primary> |
| 3104 |
</indexterm> |
3104 |
</indexterm> |
| 3105 |
|
3105 |
|
| 3106 |
<para>In recent years, the security world has made many |
3106 |
<para>In recent years, the security world has made many |
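Review bot: Replacing the `<primary>` on line 3103 removes `portaudit` from the index, although the section still discusses portaudit for releases before FreeBSD 10. Consider keeping a second `<indexterm>` for `portaudit` alongside the new `pkg audit` entry so readers on older systems can still find this section.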
|
Lines 3114-3148
|
| 3114 |
for every third party utility is beyond the &os; Project's |
3114 |
for every third party utility is beyond the &os; Project's |
| 3115 |
capability. There is a way to mitigate third party |
3115 |
capability. There is a way to mitigate third party |
| 3116 |
vulnerabilities and warn administrators of known security |
3116 |
vulnerabilities and warn administrators of known security |
| 3117 |
issues. A &os; add on utility known as |
3117 |
issues. A &os; utility known as |
| 3118 |
<application>portaudit</application> exists solely for this |
3118 |
<application>pkg audit</application> exists solely for this |
| 3119 |
purpose.</para> |
3119 |
purpose.</para> |
| 3120 |
|
3120 |
|
| 3121 |
<para>The |
3121 |
<para>The |
| 3122 |
<package>ports-mgmt/portaudit</package> |
3122 |
<application>pkg audit</application> |
| 3123 |
port polls a database, which is updated and maintained by the |
3123 |
port polls a database, which is updated and maintained by the |
| 3124 |
&os; Security Team and ports developers, for known security |
3124 |
&os; Security Team and ports developers, for known security |
| 3125 |
issues.</para> |
3125 |
issues.</para> |
| 3126 |
|
3126 |
|
| 3127 |
<para>To install <application>portaudit</application> from the |
3127 |
<warning> |
| 3128 |
Ports Collection:</para> |
3128 |
<para>Prior to FreeBSD 10, <application>portaudit</application> |
|
|
3129 |
(<package>ports-mgmt/portaudit</package>) had to be installed |
| 3130 |
to perform automated security audits. |
| 3131 |
With the introduction |
| 3132 |
of <application>pkg</application> in FreeBSD 10, audit |
| 3133 |
is an integrated part of <application>pkg</application> |
| 3134 |
in the base system.</para> |
| 3135 |
</warning> |
| 3129 |
|
3136 |
|
| 3130 |
<screen>&prompt.root; <userinput>cd /usr/ports/ports-mgmt/portaudit && make install clean</userinput></screen> |
3137 |
<para>From FreeBSD 10, the configuration files for |
|
|
3138 |
&man.periodic.8; include <application>pkg audit</application> |
| 3139 |
output in the daily security runs. Ensure that the daily |
| 3140 |
security run emails, which are sent to <systemitem |
| 3141 |
class="username">root</systemitem>'s required.</para> |
| 3131 |
|
3142 |
|
| 3132 |
<para>During the installation, the configuration files for |
3143 |
<para>An administrator can update the |
| 3133 |
&man.periodic.8; will be updated, permitting |
3144 |
database and view known vulnerabilities in installed packages |
| 3134 |
<application>portaudit</application> output in the daily |
3145 |
by invoking the following command:</para> |
| 3135 |
security runs. Ensure that the daily security run emails, which |
|
|
| 3136 |
are sent to <systemitem class="username">root</systemitem>'s |
| 3137 |
email account, are being read. No other configuration is |
| 3138 |
required.</para> |
| 3139 |
|
3146 |
|
| 3140 |
<para>After installation, an administrator can update the |
3147 |
<screen>&prompt.root; <userinput>pkg audit -F</userinput></screen> |
| 3141 |
database and view known vulnerabilities in installed packages |
|
|
| 3142 |
by invoking the following command:</para> |
| 3143 |
|
3148 |
|
| 3144 |
<screen>&prompt.root; <userinput>portaudit -Fda</userinput></screen> |
|
|
| 3145 |
|
| 3146 |
<note> |
3149 |
<note> |
| 3147 |
<para>The database is automatically updated during the |
3150 |
<para>The database is automatically updated during the |
| 3148 |
&man.periodic.8; run. The above command is optional and can |
3151 |
&man.periodic.8; run. The above command is optional and can |
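Review bot: The rewritten &man.periodic.8; paragraph (new lines 3137-3141) ends mid-sentence with "root's required."; the words "email account, are being read. No other configuration is" from old lines 3137-3138 were dropped, so the instruction to read the daily security mail is lost and should be restored. In the same hunk, new line 3123 still calls `pkg audit` a "port" even though the added warning says audit is integrated into `pkg`; the new text hardcodes "FreeBSD" where the surrounding paragraphs use `&os;`; and the historical remark about releases before FreeBSD 10 reads as a `<note>` rather than a `<warning>`.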
|
Lines 3153-3161
|
| 3153 |
the Ports Collection at anytime, an administrator can run the |
3156 |
the Ports Collection at anytime, an administrator can run the |
| 3154 |
following command:</para> |
3157 |
following command:</para> |
| 3155 |
|
3158 |
|
| 3156 |
<screen>&prompt.root; <userinput>portaudit -a</userinput></screen> |
3159 |
<screen>&prompt.root; <userinput>pkg audit</userinput></screen> |
| 3157 |
|
3160 |
|
| 3158 |
<para><application>portaudit</application> will display messages |
3161 |
<para><application>pkg audit</application> will display messages |
| 3159 |
for any installed vulnerable packages:</para> |
3162 |
for any installed vulnerable packages:</para> |
| 3160 |
|
3163 |
|
| 3161 |
<programlisting>Affected package: cups-base-1.1.22.0_1 |
3164 |
<programlisting>Affected package: cups-base-1.1.22.0_1 |
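Review bot: The sample output starting "Affected package: cups-base-1.1.22.0_1" is carried over unchanged while the command above it changes from `portaudit -a` to `pkg audit`. Please confirm the listing matches what `pkg audit` actually prints and regenerate it if it does not, since administrators compare this text against their own daily security mail.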
|
Lines 3172-3178
|
| 3172 |
versions affected, by &os; port version, along with other web |
3175 |
versions affected, by &os; port version, along with other web |
| 3173 |
sites which may contain security advisories.</para> |
3176 |
sites which may contain security advisories.</para> |
| 3174 |
|
3177 |
|
| 3175 |
<para><application>portaudit</application> is a powerful utility |
3178 |
<para><application>pkg audit</application> is a powerful utility |
| 3176 |
and is extremely useful when coupled with the |
3179 |
and is extremely useful when coupled with the |
| 3177 |
<application>portmaster</application> port.</para> |
3180 |
<application>portmaster</application> port.</para> |
| 3178 |
</sect1> |
3181 |
</sect1> |
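Review bot: On new line 3178, as elsewhere in the patch, `pkg audit` is wrapped in `<application>`, but the patch itself describes audit as a part of `<application>pkg</application>`. Marking the subcommand as `<command>pkg audit</command>` would be more accurate and would keep it distinct from the `pkg` application and from `<application>portmaster</application>` in the same sentence.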