Local portaudit server.
lars at gmx.at
lars at gmx.at
Sat Mar 11 08:50:56 UTC 2006
David Robillard wrote:
> Hello,
>
> We use the port security/portaudit on all of our FreeBSD servers.
> Currently, every machine has to out on the internet to download the
> portaudit vulnerability database from the FreeBSD server.
>
> Since all of the machines are downloading the exact same file, we
> would like to setup a local portaudit server. This server would fetch
> the vulnerabilty file and all the rest of our servers would fetch it
> from the local portaudit server.
>
> Has anyone done this setup? Any help/pointers would be great.
Hi
I haven't done it but I don't think it should be a problem:
If you look at the portaudit script
/usr/local/sbin/portaudit
you'll find that the auditfile is located here:
http://www.freebsd.org/ports/auditfile.tbz
You can get it manually, try.
So by changing some variables in
portaudit_confs()
{
: ${portaudit_dir="/var/db/portaudit"}
: ${portaudit_filename="auditfile.tbz"}
: ${portaudit_fetch_env=""}
: ${portaudit_fetch_cmd="fetch -1mp"}
: ${portaudit_sites="http://www.FreeBSD.org/ports/"}
: ${portaudit_fixed=""}
if [ -r /usr/local/etc/portaudit.conf ]; then
. /usr/local/etc/portaudit.conf
fi
}
on each machine you should be able to guide them to your local machine.
hth
lars.
More information about the freebsd-questions
mailing list