Portaudit
From FreeBSDwiki
(Difference between revisions)
Ninereasons (Talk | contribs) m (redundant) |
Ninereasons (Talk | contribs) |
||
Line 11: | Line 11: | ||
''portaudit'' is installed to <code>/usr/local/etc/periodic/security/</code> by default, so that it will be run automatically, and will be part of the automated security report that is run by the system and mailed (by default) to the <code>root</code> user. | ''portaudit'' is installed to <code>/usr/local/etc/periodic/security/</code> by default, so that it will be run automatically, and will be part of the automated security report that is run by the system and mailed (by default) to the <code>root</code> user. | ||
− | If you do not have port auditing enabled, you may notice the mysterious but harmless warning, when you run <code>make</code> on | + | If you do not have port auditing enabled, you may notice the mysterious but harmless warning, when you run <code>make</code> on any port, or use [[portupgrade]] or [[portmanager]]: |
<pre> | <pre> | ||
===> Vulnerability check disabled, database not found | ===> Vulnerability check disabled, database not found | ||
</pre> | </pre> |
Revision as of 13:33, 30 May 2006
portaudit is a small FreeBSD port that automatically creates and maintains a database of known vulnerabilities. Installing this port enables port security auditing on your system.
After port auditing is enabled, you will not be able to install or upgrade an insecure port. Instead, you will receive a message that reads:
===> package-version has known vulnerabilities: => package -- vulnerability summary Reference: &tt;http://www.FreeBSD.org/ports/portaudit/reference.html> => Please update your ports tree and try again. *** Error code 1
portaudit is installed to /usr/local/etc/periodic/security/
by default, so that it will be run automatically, and will be part of the automated security report that is run by the system and mailed (by default) to the root
user.
If you do not have port auditing enabled, you may notice the mysterious but harmless warning, when you run make
on any port, or use portupgrade or portmanager:
===> Vulnerability check disabled, database not found