| @@ -1,15 +1,15 @@ | | | @@ -1,15 +1,15 @@ |
| 1 | =========================================================================== | | 1 | =========================================================================== |
| 2 | $NetBSD: MESSAGE,v 1.5 2009/02/02 12:34:59 joerg Exp $ | | 2 | $NetBSD: MESSAGE,v 1.6 2014/12/05 14:31:07 schmonz Exp $ |
| 3 | | | 3 | |
| 4 | You may wish to have the vulnerabilities file downloaded daily so that | | 4 | You may wish to have the vulnerabilities file downloaded daily so that |
| 5 | it remains current. This may be done by adding an appropriate entry | | 5 | it remains current. This may be done by adding an appropriate entry |
| 6 | to a user's crontab(5) entry. For example the entry | | 6 | to a user's crontab(5) entry. For example the entry |
| 7 | | | 7 | |
| 8 | # download vulnerabilities file | | 8 | # download vulnerabilities file |
| 9 | 0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 | | 9 | 0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1 |
| 10 | | | 10 | |
| 11 | will update the vulnerability list every day at 3AM. You may wish to do | | 11 | will update the vulnerability list every day at 3AM. You may wish to do |
| 12 | this more often than once a day. | | 12 | this more often than once a day. |
| 13 | | | 13 | |
| 14 | In addition, you may wish to run the package audit from the daily | | 14 | In addition, you may wish to run the package audit from the daily |
| 15 | security script. This may be accomplished by adding the following | | 15 | security script. This may be accomplished by adding the following |
| @@ -17,21 +17,21 @@ lines to /etc/security.local | | | @@ -17,21 +17,21 @@ lines to /etc/security.local |
| 17 | | | 17 | |
| 18 | if [ -x ${PREFIX}/sbin/pkg_admin ]; then | | 18 | if [ -x ${PREFIX}/sbin/pkg_admin ]; then |
| 19 | ${PREFIX}/sbin/pkg_admin audit | | 19 | ${PREFIX}/sbin/pkg_admin audit |
| 20 | fi | | 20 | fi |
| 21 | | | 21 | |
| 22 | Alternatively this can also be acomplished by adding an entry to a user's | | 22 | Alternatively this can also be acomplished by adding an entry to a user's |
| 23 | crontab(5) file. e.g.: | | 23 | crontab(5) file. e.g.: |
| 24 | | | 24 | |
| 25 | # run audit-packages | | 25 | # run audit-packages |
| 26 | 0 3 * * * ${PREFIX}/sbin/pkg_admin audit | | 26 | 0 3 * * * ${PREFIX}/sbin/pkg_admin audit |
| 27 | | | 27 | |
| 28 | Both pkg_admin subcommands can be run as as an unprivileged user, | | 28 | Both pkg_admin subcommands can be run as as an unprivileged user, |
| 29 | as long as the user chosen has permission to read the pkgdb and to write | | 29 | as long as the user chosen has permission to read the pkgdb and to write |
| 30 | the pkg-vulnerabilites to ${PKGVULNDIR}. | | 30 | the pkg-vulnerabilities to ${PKGVULNDIR}. |
| 31 | | | 31 | |
| 32 | The behavior of pkg_admin and pkg_add can be customised with | | 32 | The behavior of pkg_admin and pkg_add can be customised with |
| 33 | pkg_install.conf. Please see pkg_install.conf(5) for details. | | 33 | pkg_install.conf. Please see pkg_install.conf(5) for details. |
| 34 | | | 34 | |
| 35 | If you want to use GPG signature verification you will need to install | | 35 | If you want to use GPG signature verification you will need to install |
| 36 | GnuPG and set the path for GPG appropriately in your pkg_install.conf. | | 36 | GnuPG and set the path for GPG appropriately in your pkg_install.conf. |
| 37 | =========================================================================== | | 37 | =========================================================================== |