portaudit is a small FreeBSD port that automatically creates and maintains a database of known vulnerabilities. Installing this port enables port security auditing on your system.
After port auditing is enabled, you will not be able to install or upgrade an insecure port. Instead, you will receive a message that reads:
===> package-version has known vulnerabilities: => package -- vulnerability summary Reference: &tt;http://www.FreeBSD.org/ports/portaudit/reference.html> => Please update your ports tree and try again. *** Error code 1
portaudit is installed to
/usr/local/etc/periodic/security/ by default, so that it will be run automatically, and will be part of the automated security report that is run by the system and mailed (by default) to the
===> Vulnerability check disabled, database not found
If for some reason you need to install a port even though it has know vulnerabilities, you can use the DISABLE_VULNERABILITIES make argument
cd /usr/ports/foo/bar make -DDISABLE_VULNERABILITIES
or using portupgrade
portupgrade -m 'DISABLE_VULNERABILITIES=yes' <package>
Alternatively, you may run pkg audit, to audit installed packages, but this has less features than portaudit.
# pkg audit