| @@ -1,43 +1,42 @@ | | | @@ -1,43 +1,42 @@ |
1 | =========================================================================== | | 1 | =========================================================================== |
2 | $NetBSD: MESSAGE,v 1.3 2007/10/09 19:19:14 martti Exp $ | | 2 | $NetBSD: MESSAGE,v 1.4 2008/01/13 22:31:25 rillig Exp $ |
3 | | | 3 | |
4 | You may wish to have the vulnerabilities file downloaded daily so that | | 4 | You may wish to have the vulnerabilities file downloaded daily so that |
5 | it remains current. This may be done by adding an appropriate entry | | 5 | it remains current. This may be done by adding an appropriate entry |
6 | to a users crontab(5) entry. For example the entry | | 6 | to a user's crontab(5) entry. For example the entry |
7 | | | 7 | |
8 | # download vulnerabilities file | | 8 | # download vulnerabilities file |
9 | 0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1 | | 9 | 0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1 |
10 | | | 10 | |
11 | will update the vulnerability list every day at 3AM. You may wish to do | | 11 | will update the vulnerability list every day at 3AM. You may wish to do |
12 | this more often than once a day. | | 12 | this more often than once a day. |
13 | | | 13 | |
14 | In addition, you may wish to run the package audit from the daily | | 14 | In addition, you may wish to run the package audit from the daily |
15 | security script. This may be accomplished by adding the following | | 15 | security script. This may be accomplished by adding the following |
16 | lines to /etc/security.local | | 16 | lines to /etc/security.local |
17 | | | 17 | |
18 | if [ -x ${PREFIX}/sbin/audit-packages ]; then | | 18 | if [ -x ${PREFIX}/sbin/audit-packages ]; then |
19 | ${PREFIX}/sbin/audit-packages | | 19 | ${PREFIX}/sbin/audit-packages |
20 | fi | | 20 | fi |
21 | | | 21 | |
22 | Alternatively this can also be acomplished by adding an entry to a users | | 22 | Alternatively this can also be acomplished by adding an entry to a user's |
23 | crontab(5) file. e.g.: | | 23 | crontab(5) file. e.g.: |
24 | | | 24 | |
25 | # run audit-packages | | 25 | # run audit-packages |
26 | 0 3 * * * ${PREFIX}/sbin/audit-packages | | 26 | 0 3 * * * ${PREFIX}/sbin/audit-packages |
27 | | | 27 | |
28 | audit-packages and/or download-vulnerability-list need not be run by | | 28 | audit-packages and/or download-vulnerability-list need not be run by |
29 | the root user. They will function as an unpriveleged user just so | | 29 | the root user. They will function as an unprivileged user, as long |
30 | long as the user chosen has permmission to write the pkg-vulnerabilites | | 30 | as the user chosen has permission to write the pkg-vulnerabilites |
31 | to ${PKGVULNDIR}. | | 31 | to ${PKGVULNDIR}. |
32 | | | 32 | |
33 | A sample audit-packages.conf has been installed to: | | 33 | A sample audit-packages.conf has been installed to: |
34 | | | 34 | |
35 | ${EGDIR}/audit-packages.conf | | 35 | ${EGDIR}/audit-packages.conf |
36 | | | 36 | |
37 | You may want to customise this file and copy it to | | 37 | You may want to customise this file and copy it to |
38 | ${PKG_SYSCONFDIR}/audit-packages.conf. | | 38 | ${PKG_SYSCONFDIR}/audit-packages.conf. |
39 | If you want to use signature verification you will need to install GnuPG and | | 39 | If you want to use signature verification you will need to install GnuPG and |
40 | set the path for GPG appropriately in your audit-packages.conf. See | | 40 | set the path for GPG appropriately in your audit-packages.conf. See |
41 | audit-packages.conf(5) and audit-packages(8) for further information. | | 41 | audit-packages.conf(5) and audit-packages(8) for further information. |
42 | | | | |
43 | =========================================================================== | | 42 | =========================================================================== |