svn commit: r46387 - in head/en_US.ISO8859-1/books/handbook: ports security

Jason Helfman jgh at FreeBSD.org
Fri Mar 27 18:55:32 UTC 2015


Author: jgh
Date: Fri Mar 27 18:55:30 2015
New Revision: 46387
URL: https://svnweb.freebsd.org/changeset/doc/46387

Log:
  - remove portaudit references, as it is no longer in the Ports Collection
  
  Differential Revision:	https://reviews.freebsd.org/D1303
  Approved by:	wblock (mentor)

Modified:
  head/en_US.ISO8859-1/books/handbook/ports/chapter.xml
  head/en_US.ISO8859-1/books/handbook/security/chapter.xml

Modified: head/en_US.ISO8859-1/books/handbook/ports/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/ports/chapter.xml	Fri Mar 27 16:07:35 2015	(r46386)
+++ head/en_US.ISO8859-1/books/handbook/ports/chapter.xml	Fri Mar 27 18:55:30 2015	(r46387)
@@ -197,15 +197,11 @@
       &a.ports; and the &a.ports-bugs;.</para>
 
     <warning>
-      <para>Before installing any application, check <uri
-	  xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
-	for security issues related to the application or install
-	<package>ports-mgmt/portaudit</package>.  Once installed, type
-	<command>portaudit -F -a</command> to check all installed
-	applications for known vulnerabilities.  When
-	<application>pkg</application> is being used the audit
-	functionality is built in.  Execute <command>pkg audit
-	  -F</command> to get a report on vulnerable packages.</para>
+      <para>Before installing any application, check <link
+	  xlink:href="http://vuxml.freebsd.org/"></link>
+	for security issues related to the application or type
+	<command>pkg audit -F</command> to check all installed
+	applications for known vulnerabilities.</para>
     </warning>
 
     <para>The remainder of this chapter explains how to use packages
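Review bot: The rewritten warning mixes two different checks in one sentence: "Before installing any application" is about software that is not installed yet, while "pkg audit -F to check all installed applications" reports only on what is already on the system. Suggest two sentences, one pointing at the VuXML site for the application about to be installed and one recommending pkg audit -F for the installed set. The removed text also told readers that the audit functionality is built into pkg; a short clause to that effect would help anyone arriving with portaudit in mind.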
@@ -1116,16 +1112,13 @@ Deinstalling ca_root_nss-3.15.1_1... don
 	  Collection as described in the previous section.  Since
 	  the installation of any third-party software can introduce
 	  security vulnerabilities, it is recommended to first check
-	  <uri
-	    xlink:href="http://vuxml.freebsd.org/">http://vuxml.freebsd.org/</uri>
+	  <link xlink:href="http://vuxml.freebsd.org/"></link>
 	  for known security issues related to the port.  Alternately,
-	  if <package>ports-mgmt/portaudit</package> is installed, run
-	  <command>portaudit -F</command> before installing a new
+	  run <command>pkg audit -F</command> before installing a new
 	  port.  This command can be configured to automatically
 	  perform a security audit and an update of the vulnerability
 	  database during the daily security system check.  For more
-	  information, refer to the manual page for
-	  <application>portaudit</application> and
+	  information, refer to &man.pkg-audit.8; and
 	  &man.periodic.8;.</para>
       </warning>
 
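Review bot: "This command can be configured to automatically perform a security audit" still does not say how, even though the security chapter change in this same commit names daily_status_security_pkgaudit_enable in periodic.conf(5). Suggest naming that knob here or cross-referencing the security section, so the pointer to &man.periodic.8; is actionable. "run pkg audit -F before installing a new port" also has the same scope question as the earlier warning, since the command is described elsewhere in this commit as checking installed packages.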

Modified: head/en_US.ISO8859-1/books/handbook/security/chapter.xml
==============================================================================
--- head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Fri Mar 27 16:07:35 2015	(r46386)
+++ head/en_US.ISO8859-1/books/handbook/security/chapter.xml	Fri Mar 27 18:55:30 2015	(r46387)
@@ -78,7 +78,7 @@
       </listitem>
 
       <listitem>
-	<para>How to use <application>portaudit</application> to audit
+	<para>How to use <application>pkg</application> to audit
 	  third party software packages installed from the Ports
 	  Collection.</para>
       </listitem>
@@ -3091,7 +3091,7 @@ drwxr-xr-x  2 robert  robert  512 Nov 10
     </sect2>
   </sect1>
 
-  <sect1 xml:id="security-portaudit">
+  <sect1 xml:id="security-pkg">
     <info>
       <title>Monitoring Third Party Security Issues</title>
 
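Review bot: Renaming the section id from security-portaudit to security-pkg will break any xref or link that still targets the old id, and this diff updates no such references. Please search the doc tree for security-portaudit before committing. If inbound links to the old id matter, consider keeping it or adding an anchor that carries the old id inside the section.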
@@ -3102,7 +3102,7 @@ drwxr-xr-x  2 robert  robert  512 Nov 10
     </info>
 
     <indexterm>
-      <primary>portaudit</primary>
+      <primary>pkg</primary>
     </indexterm>
 
     <para>In recent years, the security world has made many
@@ -3117,48 +3117,37 @@ drwxr-xr-x  2 robert  robert  512 Nov 10
       capability.  There is a way to mitigate third party
       vulnerabilities and warn administrators of known security
       issues.  A &os; add on utility known as
-      <application>portaudit</application> exists solely for this
-      purpose.</para>
+      <application>pkg</application> includes options explicitly for
+      this purpose.</para>
 
-    <para>The
-      <package>ports-mgmt/portaudit</package>
-      port polls a database, which is updated and maintained by the
-      &os; Security Team and ports developers, for known security
-      issues.</para>
-
-    <para>To install <application>portaudit</application> from the
-      Ports Collection:</para>
-
-    <screen>&prompt.root; <userinput>cd /usr/ports/ports-mgmt/portaudit && make install clean</userinput></screen>
-
-    <para>During the installation, the configuration files for
-      &man.periodic.8; will be updated, permitting
-      <application>portaudit</application> output in the daily
-      security runs.  Ensure that the daily security run emails, which
-      are sent to <systemitem class="username">root</systemitem>'s
-      email account, are being read.  No other configuration is
-      required.</para>
-
-    <para>After installation, an administrator can update the
-      database and view known vulnerabilities in installed packages
-      by invoking the following command:</para>
+    <para><application>pkg</application> polls a database for security
+      issues. The database is updated and maintained by the &os; Security
+      Team and ports developers.</para>
+
+    <para>Please refer to <link
+	xlink:href="&url.books.handbook;/pkgng-intro.html"></link> for
+      instructions on installing
+      <application>pkg</application>.</para>
+
+    <para>Installation provides &man.periodic.8; configuration files
+      for maintaining the <application>pkg</application> audit
+      database, and provides a programmatic method of keeping it
+      updated.  This functionality is enabled if
+      <literal>daily_status_security_pkgaudit_enable</literal>
+      is set to <literal>YES</literal> in &man.periodic.conf.5;.
+      Ensure that daily security run emails, which are sent to
+      <systemitem class="username">root</systemitem>'s email account,
+      are being read.</para>
+
+    <para>After installation, and to audit third party utilities as
+      part of the Ports Collection at any time, an administrator may
+      choose to update the database and view known vulnerabilities
+      of installed packages by invoking:</para>
 
-    <screen>&prompt.root; <userinput>portaudit -Fda</userinput></screen>
+    <screen>&prompt.root; <userinput>pkg audit -F</userinput></screen>
 
-    <note>
-      <para>The database is automatically updated during the
-	&man.periodic.8; run.  The above command is optional and can
-	be used to manually update the database now.</para>
-    </note>
-
-    <para>To audit the third party utilities installed as part of
-      the Ports Collection at anytime, an administrator can run the
-      following command:</para>
-
-    <screen>&prompt.root; <userinput>portaudit -a</userinput></screen>
-
-    <para><application>portaudit</application> will display messages
-      for any installed vulnerable packages:</para>
+    <para><application>pkg</application> displays messages
+      any published vulnerabilities in installed packages:</para>
 
     <programlisting>Affected package: cups-base-1.1.22.0_1
 Type of problem: cups-base -- HPGL buffer overflow vulnerability.
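Review bot: The added paragraph "pkg displays messages any published vulnerabilities in installed packages:" is missing a word and should read "displays messages for any published vulnerabilities". The paragraph beginning "After installation, and to audit third party utilities as part of the Ports Collection at any time" is hard to parse; something like "To audit installed third party software at any time, update the database and view known vulnerabilities by invoking:" says the same thing more directly. The removed note stated outright that the database is updated automatically during the periodic(8) run, which the new text only implies, so a sentence making that explicit would be worth keeping. The sample output that follows is unchanged context written for portaudit; please confirm it matches what pkg audit prints.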
@@ -3174,9 +3163,9 @@ You are advised to update or deinstall t
       versions affected, by &os; port version, along with other web
       sites which may contain security advisories.</para>
 
-    <para><application>portaudit</application> is a powerful utility
-      and is extremely useful when coupled with the
-      <application>portmaster</application> port.</para>
+    <para><application>pkg</application> is a powerful utility
+      and is extremely useful when coupled with
+      <package>ports-mgmt/portmaster</package>.</para>
   </sect1>
 
   <sect1 xml:id="security-advisories">
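Review bot: "pkg is a powerful utility and is extremely useful when coupled with ports-mgmt/portmaster" was written about portaudit and, after the substitution, no longer tells the reader what the combination is for. Suggest either naming the workflow the sentence has in mind or dropping the paragraph.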

