Content-Transfer-Encoding: 7bit
Content-Type: multipart/mixed; boundary="_----------=_1483759718100540"
MIME-Version: 1.0
Date: Sat, 7 Jan 2017 03:28:38 +0000
From: "Sevan Janiyan"
Subject: CVS commit: pkgsrc/doc/guide/files
To: pkgsrc-changes@NetBSD.org
Reply-To: sevan@netbsd.org
X-Mailer: log_accum
Message-Id: <20170107032838.4B540FBA6@cvs.NetBSD.org>
Sender: pkgsrc-changes-owner@NetBSD.org
List-Id: pkgsrc-changes.NetBSD.org
Precedence: bulk

This is a multi-part message in MIME format.

--_----------=_1483759718100540
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
Content-Type: text/plain; charset="US-ASCII"

Module Name:    pkgsrc
Committed By:   sevan
Date:           Sat Jan 7 03:28:38 UTC 2017

Modified Files:
    pkgsrc/doc/guide/files: using.xml

Log Message:
Use the path pkg_admin is installed in when bootstrapped from pkgsrc, not natively on NetBSD.
Add a cron job to run the audit in the example.
Direct NetBSD users to the fetch_pkg_vulnerabilities & check_pkg_vulnerabilities instead.

To generate a diff of this commit:
cvs rdiff -u -r1.41 -r1.42 pkgsrc/doc/guide/files/using.xml

Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.

--_----------=_1483759718100540
Content-Disposition: inline
Content-Length: 2140
Content-Transfer-Encoding: binary
Content-Type: text/x-diff; charset=us-ascii

Modified files:

Index: pkgsrc/doc/guide/files/using.xml diff -u pkgsrc/doc/guide/files/using.xml:1.41 pkgsrc/doc/guide/files/using.xml:1.42 --- pkgsrc/doc/guide/files/using.xml:1.41 Sat Jan 7 02:25:24 2017 +++ pkgsrc/doc/guide/files/using.xml Sat Jan 7 03:28:38 2017 @@ -1,4 +1,4 @@ - + Using pkgsrc 
@@ -174,17 +174,26 @@ and you can still use binary packages fr to the root users &man.crontab.5; entry. For example the entry # download vulnerabilities file -0 3 * * * /usr/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 +0 3 * * * /usr/pkg/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 +# audit the installed packages and email results to root +9 3 * * * /usr/pkg/sbin/pkg_admin auit |mail -s "Installed package audit result" root >/dev/null 2>&1 - will update the vulnerability list every day at 3AM. You may wish to do - this more often than once a day. + will update the vulnerability list every day at 3AM, followed by an audit + at 3:09AM. The result of the audit are then emailed to root. - In addition, you may wish to run the package audit from the daily - security script. This may be accomplished by adding the following - line to /etc/security.local: + On NetBSD this may be accomplished instead by adding the following + line to /etc/daily.conf: -/usr/sbin/pkg_admin audit +fetch_pkg_vulnerabilities=YES + to fetch the vulnerability list from the daily security script. The system + is set to audit the packages by default but can be set explicitly, if + desired (not required), by adding the follwing line to +/etc/security.conf: + +check_pkg_vulnerabilities=YES + + see &man.daily.conf.5; and &man.security.conf.5; for more details. --_----------=_1483759718100540--
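
Review bot: The added audit cron entry in the @@ -174,17 +174,26 @@ hunk misspells the subcommand as `pkg_admin auit`; it should be `pkg_admin audit`, as in the removed `/usr/sbin/pkg_admin audit` line, otherwise the documented example does not run the audit it describes. On the same line, `>/dev/null 2>&1` comes after the pipe, so it applies to `mail` only and does not silence `pkg_admin` the way the fetch entry above it does; say so in the text, or move the redirection if that was the intent. In the new prose, "follwing" should be "following", "The result of the audit are" should read "The results of the audit are", and the closing sentence "see &man.daily.conf.5; and &man.security.conf.5; for more details." should start with a capital letter.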