| @@ -1,15 +1,15 @@ | | | @@ -1,15 +1,15 @@ |
1 | =========================================================================== | | 1 | =========================================================================== |
2 | $NetBSD: MESSAGE,v 1.5 2009/02/02 12:34:59 joerg Exp $ | | 2 | $NetBSD: MESSAGE,v 1.6 2014/12/05 14:31:07 schmonz Exp $ |
3 | | | 3 | |
4 | You may wish to have the vulnerabilities file downloaded daily so that | | 4 | You may wish to have the vulnerabilities file downloaded daily so that |
5 | it remains current. This may be done by adding an appropriate entry | | 5 | it remains current. This may be done by adding an appropriate entry |
6 | to a user's crontab(5) entry. For example the entry | | 6 | to a user's crontab(5) entry. For example the entry |
7 | | | 7 | |
8 | # download vulnerabilities file | | 8 | # download vulnerabilities file |
9 | 0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 | | 9 | 0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 |
10 | | | 10 | |
11 | will update the vulnerability list every day at 3AM. You may wish to do | | 11 | will update the vulnerability list every day at 3AM. You may wish to do |
12 | this more often than once a day. | | 12 | this more often than once a day. |
13 | | | 13 | |
14 | In addition, you may wish to run the package audit from the daily | | 14 | In addition, you may wish to run the package audit from the daily |
15 | security script. This may be accomplished by adding the following | | 15 | security script. This may be accomplished by adding the following |
| @@ -17,21 +17,21 @@ lines to /etc/security.local | | | @@ -17,21 +17,21 @@ lines to /etc/security.local |
17 | | | 17 | |
18 | if [ -x ${PREFIX}/sbin/pkg_admin ]; then | | 18 | if [ -x ${PREFIX}/sbin/pkg_admin ]; then |
19 | ${PREFIX}/sbin/pkg_admin audit | | 19 | ${PREFIX}/sbin/pkg_admin audit |
20 | fi | | 20 | fi |
21 | | | 21 | |
22 | Alternatively this can also be acomplished by adding an entry to a user's | | 22 | Alternatively this can also be acomplished by adding an entry to a user's |
23 | crontab(5) file. e.g.: | | 23 | crontab(5) file. e.g.: |
24 | | | 24 | |
25 | # run audit-packages | | 25 | # run audit-packages |
26 | 0 3 * * * ${PREFIX}/sbin/pkg_admin audit | | 26 | 0 3 * * * ${PREFIX}/sbin/pkg_admin audit |
27 | | | 27 | |
28 | Both pkg_admin subcommands can be run as as an unprivileged user, | | 28 | Both pkg_admin subcommands can be run as as an unprivileged user, |
29 | as long as the user chosen has permission to read the pkgdb and to write | | 29 | as long as the user chosen has permission to read the pkgdb and to write |
30 | the pkg-vulnerabilites to ${PKGVULNDIR}. | | 30 | the pkg-vulnerabilities to ${PKGVULNDIR}. |
31 | | | 31 | |
32 | The behavior of pkg_admin and pkg_add can be customised with | | 32 | The behavior of pkg_admin and pkg_add can be customised with |
33 | pkg_install.conf. Please see pkg_install.conf(5) for details. | | 33 | pkg_install.conf. Please see pkg_install.conf(5) for details. |
34 | | | 34 | |
35 | If you want to use GPG signature verification you will need to install | | 35 | If you want to use GPG signature verification you will need to install |
36 | GnuPG and set the path for GPG appropriately in your pkg_install.conf. | | 36 | GnuPG and set the path for GPG appropriately in your pkg_install.conf. |
37 | =========================================================================== | | 37 | =========================================================================== |