Tracking Security in Ports and Base System
Chris Maness
chris at chrismaness.com
Wed Mar 1 14:32:02 PST 2006
On Wed, 1 Mar 2006, Randy Pratt wrote:
> On Wed, 1 Mar 2006 10:09:51 -0800 (PST)
> chris at chrismaness.com wrote:
>
>>> On Wed, 8 Feb 2006, Chris Maness wrote:
>>>
>>>> How should I set up cvsup to just track security updates for ports. And
>> would the best thing to do after I synced CVS, do portupgrade -a so
>> that everything selected gets rebuilt.
>>>
>>> I'm not sure there is a way to do this for ports, other than manually
>> checking what's been changed and whether you consider that to be a
>> security upgrade, then upgrading each applicable port by hand. As far as
>> I understand, there is only one tag for ports ("tag=."), which gets you
>> the "current" ports tree. I *can* guarantee that others know more about
>> this than I do.
>
> There is a port which does this for you (security/portaudit):
>
> portaudit provides a system to check if installed ports are
> listed in a database of published security vulnerabilities.
>
> After installation it will update this security database
> automatically and include its reports in the output of the
> daily security run.
>
>>>> What is the equivalent for the base system?
>>>
>>> Much simpler: just track RELENG_your_release to get security updates and
>> bug fixes and nothing else. For example, mine is RELENG_5_4 and
>>> therefore tracks 5.4-RELEASE.
>
> Additionally, I'd suggest subscribing to one of these mailing list so
> that you are notified when a SA is issued:
>
> security-advisories at freebsd.org
> freebsd-announce at freebsd.org
>
> HTH,
>
> Randy
> --
>
Thanks, I do have port audit installed. I was refering to system
security. The base system + FreeBSD userland. I wanted to do this
because I did get a notice from the security list today. Do I do a make
buildworld, to update the system? Do I do this in /usr/src ?
More information about the freebsd-questions
mailing list