Local portaudit server.

Chuck Swiger cswiger at mac.com
Sat Mar 11 13:52:11 UTC 2006


David Robillard wrote:
> We use the port security/portaudit on all of our FreeBSD servers.
> Currently, every machine has to go out on the internet to download the
> portaudit vulnerability database from the FreeBSD server.

If your internal machines need to talk to the web, and you wish to control or
restrict that behavior, the canonical solution is to set up a proxy server and
firewall which blocks Internet access for everything except the proxy.

> Since all of the machines are downloading the exact same file, we
> would like to set up a local portaudit server. This server would fetch
> the vulnerability file and all the rest of our servers would fetch it
> from the local portaudit server.
> 
> Has anyone done this setup? Any help/pointers would be great.

You could also use rsync to copy /var/db/portaudit from the external server to
your internal machines on a daily basis via a cron job.

-- 
-Chuck
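
The rsync-from-cron approach suggested above, sketched as an added example that is not part of the original message: each internal machine pulls the database from one host that is allowed to fetch it, and installs the copy only if it passes a basic sanity check, so a failed transfer never replaces a good database. Assumptions: the hostname in MIRROR is hypothetical, the database file is taken to be auditfile.tbz under /var/db/portaudit, and rsync runs over SSH with keys already in place.

```shell
#!/bin/sh
# Added example (not from the original thread): pull the portaudit database
# from an internal mirror host and install it only if it looks sane.
# MIRROR is a hypothetical internal hostname; auditfile.tbz under
# /var/db/portaudit is assumed to be the database file name.
MIRROR="${MIRROR:-portaudit-mirror.example.internal}"
DBDIR="${DBDIR:-/var/db/portaudit}"
DBFILE="auditfile.tbz"

# Accept a staged file only if it is non-empty and starts with the bzip2
# magic "BZh"; this catches truncated or error-page downloads, nothing more.
looks_like_tbz() {
    [ -s "$1" ] || return 1
    [ "$(head -c 3 "$1")" = "BZh" ]
}

# Validate the staged copy, then rename it into place so readers never see
# a half-written database. Returns 1 and keeps the old file on failure.
publish_auditfile() {
    staged="$1"; destdir="$2"
    if ! looks_like_tbz "$staged"; then
        echo "portaudit sync: rejected $staged, keeping existing database" >&2
        rm -f "$staged"
        return 1
    fi
    chmod 644 "$staged"
    mv -f "$staged" "$destdir/$DBFILE"
}

# Fetch into a temp file in the same directory (same filesystem, so mv is
# an atomic rename), over SSH, then publish.
sync_auditfile() {
    staged="$(mktemp "$DBDIR/.auditfile.XXXXXX")" || return 1
    if ! rsync -t -e ssh "$MIRROR:$DBDIR/$DBFILE" "$staged"; then
        rm -f "$staged"; return 1
    fi
    publish_auditfile "$staged" "$DBDIR"
}

# Run from cron, e.g.:  17 4 * * * root /usr/local/sbin/portaudit-sync.sh --run
if [ "${1:-}" = "--run" ]; then
    sync_auditfile
fi
```

The magic-byte check only guards against empty or obviously wrong files; it is not an authenticity check, so the trust in the database still rests on the SSH connection to the mirror host.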

