
Portaudit

From FreeBSDwiki
(Difference between revisions)
 
(fuller generic portaudit error message)
Line 10: Line 10:
 
''portaudit'' is installed to <code>/usr/local/etc/periodic/security/</code> by default, so that it will be run automatically, and will be part of the automated security report that is run by the system and mailed (by default) to the <code>root</code> user.
 
''portaudit'' is installed to <code>/usr/local/etc/periodic/security/</code> by default, so that it will be run automatically, and will be part of the automated security report that is run by the system and mailed (by default) to the <code>root</code> user.
  
After port auditing is enabled, if you attempt to install a port with known vulnerabilities, you will not be able to install or upgrade the insecure port.  Instead, you will receive a message that reads:
+
After port auditing is enabled, you will not be able to install or upgrade the insecure port.  Instead, you will receive a message that reads:
<pre>
+
===>  ''package-version'' has known vulnerabilities:
===>  package-version has known vulnerabilities:
+
=> ''package'' -- ''vulnerability summary''
 
+
  Reference: &tt;http://www.FreeBSD.org/ports/portaudit/''reference''.html>
</pre>
+
=> Please update your ports tree and try again.
 +
*** Error code 1
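Review bot: the revised sentence introducing the message drops the clause "if you attempt to install a port with known vulnerabilities", so "the insecure port" no longer has an antecedent and the sentence reads as if every install is refused once auditing is on. Keep the condition, or reword to "a port with known vulnerabilities". In the Reference line, "&tt;" looks like a typo for "&lt;", which leaves the URL's opening angle bracket unrendered.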

Revision as of 15:20, 18 May 2006

portaudit is a small FreeBSD port that automatically maintains a database of known vulnerabilities. Installing this port creates and maintains the vulnerabilities database, and enables port security auditing on your system.

When you run make on a port, or use portupgrade or portmanager, you may notice the mysterious but harmless warning that appears if you do not have port auditing enabled:

===>  Vulnerability check disabled, database not found

portaudit is installed to /usr/local/etc/periodic/security/ by default, so that it will be run automatically, and will be part of the automated security report that is run by the system and mailed (by default) to the root user.

After port auditing is enabled, you will not be able to install or upgrade a port with known vulnerabilities. Instead, you will receive a message that reads:

===>  package-version has known vulnerabilities:
=> package -- vulnerability summary
  Reference: <http://www.FreeBSD.org/ports/portaudit/reference.html>
=> Please update your ports tree and try again.
*** Error code 1
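
To review saved build logs for both messages described above, the following added example (not part of the original wiki page or of portaudit itself) parses the message layout shown here and reports which ports were refused and how many builds ran without the vulnerability database. The sample log, package names and reference ids are constructed, and accepting several vulnerability entries under one header is an assumption beyond the single entry the page shows.

```python
import re

# Constructed sample of port build output in the layout shown on this page.
# Package names, summaries and reference ids are made-up placeholders.
SAMPLE_LOG = """\
===>  Vulnerability check disabled, database not found
===>  Extracting for examplelib-1.0
===>  exampled-2.3 has known vulnerabilities:
=> exampled -- constructed summary one
   Reference: <http://www.FreeBSD.org/ports/portaudit/REFERENCE-1.html>
=> exampled -- constructed summary two
   Reference: <http://www.FreeBSD.org/ports/portaudit/REFERENCE-2.html>
=> Please update your ports tree and try again.
*** Error code 1
"""

DISABLED = "Vulnerability check disabled, database not found"
HEADER = re.compile(r"^===>\s+(\S+) has known vulnerabilities:\s*$")
ENTRY = re.compile(r"^=> (\S+) -- (.+)$")
REFERENCE = re.compile(r"^\s+Reference: <(\S+)>\s*$")


def scan_build_log(text):
    """Return (unaudited, blocked): the count of builds that ran without a
    vulnerability database, and one record per port the audit refused."""
    unaudited, blocked, current = 0, [], None
    for line in text.splitlines():
        if DISABLED in line:
            unaudited += 1
            current = None
        elif (m := HEADER.match(line)):
            current = {"package": m.group(1), "issues": []}
            blocked.append(current)
        elif current is not None and (m := ENTRY.match(line)):
            current["issues"].append({"summary": m.group(2), "reference": None})
        elif current and current["issues"] and (m := REFERENCE.match(line)):
            current["issues"][-1]["reference"] = m.group(1)
        elif line.startswith("*** Error code"):
            current = None  # the failed build ends the vulnerability block
    return unaudited, blocked


if __name__ == "__main__":
    unaudited, blocked = scan_build_log(SAMPLE_LOG)
    print(f"builds without audit database: {unaudited}")
    for port in blocked:
        for issue in port["issues"]:
            print(port["package"], issue["summary"], issue["reference"], sep=" | ")
```

A non-zero count of builds without the database means those ports were installed with no vulnerability check at all, which deserves the same attention as a refused port.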