svn commit: r46387 - in head/en_US.ISO8859-1/books/handbook: ports security
Jason Helfman
jgh at FreeBSD.org
Fri Mar 27 18:55:32 UTC 2015
Author: jgh
Date: Fri Mar 27 18:55:30 2015
New Revision: 46387
URL: https://svnweb.freebsd.org/changeset/doc/46387
Log:
- remove portaudit references, as it is no longer in the Ports Collection
Differential Revision: https://reviews.freebsd.org/D1303
Approved by: wblock (mentor)
Modified:
head/en_US.ISO8859-1/books/handbook/ports/chapter.xml
head/en_US.ISO8859-1/books/handbook/security/chapter.xml
Modified: head/en_US.ISO8859-1/books/handbook/ports/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 16:07:35 2015 (r46386)
+++ head/en_US.ISO8859-1/books/handbook/ports/chapter.xml Fri Mar 27 18:55:30 2015 (r46387)
@@ -197,15 +197,11 @@
&a.ports; and the &a.ports-bugs;.</para>
<warning>
- <para>Before installing any application, check <uri
- xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
- for security issues related to the application or install
- <package>ports-mgmt/portaudit</package>. Once installed, type
- <command>portaudit -F -a</command> to check all installed
- applications for known vulnerabilities. When
- <application>pkg</application> is being used the audit
- functionality is built in. Execute <command>pkg audit
- -F</command> to get a report on vulnerable packages.</para>
+ <para>Before installing any application, check <link
+ xlink:href="http://vuxml.freebsd.org/"></link>
+ for security issues related to the application or type
+ <command>pkg audit -F</command> to check all installed
+ applications for known vulnerabilities.</para>
</warning>
<para>The remainder of this chapter explains how to use packages
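Review bot: In the rewritten warning, "or type pkg audit -F to check all installed applications" is offered as an alternative to checking VuXML before installing, but as worded it only covers software already on the system and says nothing about the application about to be added. Suggest splitting the sentence: check VuXML for the new application, and separately run pkg audit -F to review what is already installed. Also confirm that the empty link element renders the URL as its link text in the build, since the removed uri element carried that text explicitly.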
@@ -1116,16 +1112,13 @@ Deinstalling ca_root_nss-3.15.1_1... don
Collection as described in the previous section. Since
the installation of any third-party software can introduce
security vulnerabilities, it is recommended to first check
- <uri
- xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
+ <link xlink:href="http://vuxml.freebsd.org/"></link>
for known security issues related to the port. Alternately,
- if <package>ports-mgmt/portaudit</package> is installed, run
- <command>portaudit -F</command> before installing a new
+ run <command>pkg audit -F</command> before installing a new
port. This command can be configured to automatically
perform a security audit and an update of the vulnerability
database during the daily security system check. For more
- information, refer to the manual page for
- <application>portaudit</application> and
+ information, refer to &man.pkg-audit.8; and
&man.periodic.8;.</para>
</warning>
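Review bot: The context sentence "This command can be configured to automatically perform a security audit and an update of the vulnerability database during the daily security system check" is kept from the portaudit wording and gives the reader no setting to change. The security chapter hunk in this same commit names daily_status_security_pkgaudit_enable in periodic.conf(5), so either name that variable here or cross-reference the security-pkg section instead of pointing only at the two manual pages.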
Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 16:07:35 2015 (r46386)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml Fri Mar 27 18:55:30 2015 (r46387)
@@ -78,7 +78,7 @@
</listitem>
<listitem>
- <para>How to use <application>portaudit</application> to audit
+ <para>How to use <application>pkg</application> to audit
third party software packages installed from the Ports
Collection.</para>
</listitem>
@@ -3091,7 +3091,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10
</sect2>
</sect1>
- <sect1 xml:id="security-portaudit">
+ <sect1 xml:id="security-pkg">
<info>
<title>Monitoring Third Party Security Issues</title>
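Review bot: Renaming the sect1 xml:id from security-portaudit to security-pkg changes the link target for this section, and this commit only touches ports/chapter.xml and security/chapter.xml. Check the rest of the doc tree for xref or link elements that still point at security-portaudit, and consider whether the old generated page name needs a redirect so existing external links keep working.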
@@ -3102,7 +3102,7 @@ drwxr-xr-x 2 robert robert 512 Nov 10
</info>
<indexterm>
- <primary>portaudit</primary>
+ <primary>pkg</primary>
</indexterm>
<para>In recent years, the security world has made many
@@ -3117,48 +3117,37 @@ drwxr-xr-x 2 robert robert 512 Nov 10
capability. There is a way to mitigate third party
vulnerabilities and warn administrators of known security
issues. A &os; add on utility known as
- <application>portaudit</application> exists solely for this
- purpose.</para>
+ <application>pkg</application> includes options explicitly for
+ this purpose.</para>
- <para>The
- <package>ports-mgmt/portaudit</package>
- port polls a database, which is updated and maintained by the
- &os; Security Team and ports developers, for known security
- issues.</para>
-
- <para>To install <application>portaudit</application> from the
- Ports Collection:</para>
-
- <screen>&prompt.root; <userinput>cd /usr/ports/ports-mgmt/portaudit && make install clean</userinput></screen>
-
- <para>During the installation, the configuration files for
- &man.periodic.8; will be updated, permitting
- <application>portaudit</application> output in the daily
- security runs. Ensure that the daily security run emails, which
- are sent to <systemitem class="username">root</systemitem>'s
- email account, are being read. No other configuration is
- required.</para>
-
- <para>After installation, an administrator can update the
- database and view known vulnerabilities in installed packages
- by invoking the following command:</para>
+ <para><application>pkg</application> polls a database for security
+ issues. The database is updated and maintained by the &os; Security
+ Team and ports developers.</para>
+
+ <para>Please refer to <link
+ xlink:href="&url.books.handbook;/pkgng-intro.html"></link> for
+ instructions on installing
+ <application>pkg</application>.</para>
+
+ <para>Installation provides &man.periodic.8; configuration files
+ for maintaining the <application>pkg</application> audit
+ database, and provides a programmatic method of keeping it
+ updated. This functionality is enabled if
+ <literal>daily_status_security_pkgaudit_enable</literal>
+ is set to <literal>YES</literal> in &man.periodic.conf.5;.
+ Ensure that daily security run emails, which are sent to
+ <systemitem class="username">root</systemitem>'s email account,
+ are being read.</para>
+
+ <para>After installation, and to audit third party utilities as
+ part of the Ports Collection at any time, an administrator may
+ choose to update the database and view known vulnerabilities
+ of installed packages by invoking:</para>
- <screen>&prompt.root; <userinput>portaudit -Fda</userinput></screen>
+ <screen>&prompt.root; <userinput>pkg audit -F</userinput></screen>
- <note>
- <para>The database is automatically updated during the
- &man.periodic.8; run. The above command is optional and can
- be used to manually update the database now.</para>
- </note>
-
- <para>To audit the third party utilities installed as part of
- the Ports Collection at anytime, an administrator can run the
- following command:</para>
-
- <screen>&prompt.root; <userinput>portaudit -a</userinput></screen>
-
- <para><application>portaudit</application> will display messages
- for any installed vulnerable packages:</para>
+ <para><application>pkg</application> displays messages
+ any published vulnerabilities in installed packages:</para>
<programlisting>Affected package: cups-base-1.1.22.0_1
Type of problem: cups-base -- HPGL buffer overflow vulnerability.
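Review bot: The added sentence "pkg displays messages any published vulnerabilities in installed packages:" is missing a word; suggest "displays messages for any published vulnerabilities". The programlisting that follows is unchanged context carried over from the portaudit text ("Affected package:", "Type of problem:"), so confirm it still matches what pkg audit -F prints and refresh the sample if it does not. The new periodic paragraph should also say whether daily_status_security_pkgaudit_enable is on by default, because the removed text told readers "No other configuration is required" and the replacement leaves that open.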
@@ -3174,9 +3163,9 @@ You are advised to update or deinstall t
versions affected, by &os; port version, along with other web
sites which may contain security advisories.</para>
- <para><application>portaudit</application> is a powerful utility
- and is extremely useful when coupled with the
- <application>portmaster</application> port.</para>
+ <para><application>pkg</application> is a powerful utility
+ and is extremely useful when coupled with
+ <package>ports-mgmt/portmaster</package>.</para>
</sect1>
<sect1 xml:id="security-advisories">
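Review bot: In the closing paragraph, "pkg is a powerful utility" is a one-for-one swap of the tool name, but this section is about the audit function rather than the package manager as a whole. Suggest referring to pkg audit as a command here, and stating what pairing it with ports-mgmt/portmaster achieves, since the sentence gives the reader no reason for the recommendation.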