| @@ -1,43 +1,42 @@ | | | @@ -1,43 +1,42 @@ |
| 1 | =========================================================================== | | 1 | =========================================================================== |
| 2 | $NetBSD: MESSAGE,v 1.3 2007/10/09 19:19:14 martti Exp $ | | 2 | $NetBSD: MESSAGE,v 1.4 2008/01/13 22:31:25 rillig Exp $ |
| 3 | | | 3 | |
| 4 | You may wish to have the vulnerabilities file downloaded daily so that | | 4 | You may wish to have the vulnerabilities file downloaded daily so that |
| 5 | it remains current. This may be done by adding an appropriate entry | | 5 | it remains current. This may be done by adding an appropriate entry |
| 6 | to a users crontab(5) entry. For example the entry | | 6 | to a user's crontab(5) entry. For example the entry |
| 7 | | | 7 | |
| 8 | # download vulnerabilities file | | 8 | # download vulnerabilities file |
| 9 | 0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1 | | 9 | 0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1 |
| 10 | | | 10 | |
| 11 | will update the vulnerability list every day at 3AM. You may wish to do | | 11 | will update the vulnerability list every day at 3AM. You may wish to do |
| 12 | this more often than once a day. | | 12 | this more often than once a day. |
| 13 | | | 13 | |
| 14 | In addition, you may wish to run the package audit from the daily | | 14 | In addition, you may wish to run the package audit from the daily |
| 15 | security script. This may be accomplished by adding the following | | 15 | security script. This may be accomplished by adding the following |
| 16 | lines to /etc/security.local | | 16 | lines to /etc/security.local |
| 17 | | | 17 | |
| 18 | if [ -x ${PREFIX}/sbin/audit-packages ]; then | | 18 | if [ -x ${PREFIX}/sbin/audit-packages ]; then |
| 19 | ${PREFIX}/sbin/audit-packages | | 19 | ${PREFIX}/sbin/audit-packages |
| 20 | fi | | 20 | fi |
| 21 | | | 21 | |
| 22 | Alternatively this can also be acomplished by adding an entry to a users | | 22 | Alternatively this can also be acomplished by adding an entry to a user's |
| 23 | crontab(5) file. e.g.: | | 23 | crontab(5) file. e.g.: |
| 24 | | | 24 | |
| 25 | # run audit-packages | | 25 | # run audit-packages |
| 26 | 0 3 * * * ${PREFIX}/sbin/audit-packages | | 26 | 0 3 * * * ${PREFIX}/sbin/audit-packages |
| 27 | | | 27 | |
| 28 | audit-packages and/or download-vulnerability-list need not be run by | | 28 | audit-packages and/or download-vulnerability-list need not be run by |
| 29 | the root user. They will function as an unpriveleged user just so | | 29 | the root user. They will function as an unprivileged user, as long |
| 30 | long as the user chosen has permmission to write the pkg-vulnerabilites | | 30 | as the user chosen has permission to write the pkg-vulnerabilites |
| 31 | to ${PKGVULNDIR}. | | 31 | to ${PKGVULNDIR}. |
| 32 | | | 32 | |
| 33 | A sample audit-packages.conf has been installed to: | | 33 | A sample audit-packages.conf has been installed to: |
| 34 | | | 34 | |
| 35 | ${EGDIR}/audit-packages.conf | | 35 | ${EGDIR}/audit-packages.conf |
| 36 | | | 36 | |
| 37 | You may want to customise this file and copy it to | | 37 | You may want to customise this file and copy it to |
| 38 | ${PKG_SYSCONFDIR}/audit-packages.conf. | | 38 | ${PKG_SYSCONFDIR}/audit-packages.conf. |
| 39 | If you want to use signature verification you will need to install GnuPG and | | 39 | If you want to use signature verification you will need to install GnuPG and |
| 40 | set the path for GPG appropriately in your audit-packages.conf. See | | 40 | set the path for GPG appropriately in your audit-packages.conf. See |
| 41 | audit-packages.conf(5) and audit-packages(8) for further information. | | 41 | audit-packages.conf(5) and audit-packages(8) for further information. |
| 42 | | | | |
| 43 | =========================================================================== | | 42 | =========================================================================== |