New package security checks

January 19, 2010 posted by Julio Merino

The pkgsrc tools have had, for a long time, the ability to validate the installed packages against a database of known vulnerabilities. We have encouraged administrators to add the proper commands to their crontabs to refresh the database and to run the package auditing command. But... the package tools are shipped with the system, and we ship a crontab for root... we could do better then, couldn't we?

As of now, the /etc/daily script, which is part of the default root crontab, will refresh the vulnerabilities database. And the /etc/security script, executed by /etc/daily, will run the vulnerability and integrity checks provided by pkg_admin. The result is that you will get all the package auditing checks out of the box as soon as you start installing packages on a NetBSD system!

All of these settings are, of course, tunable through /etc/daily.conf and /etc/security.conf, and they will only run if they detect any installed packages.





Posted by bugra on February 11, 2010 at 03:02 PM UTC #

Just to let you know, when using pkgsrc on a non-NetBSD system, use the bmake command instead of “make” to run the NetBSD make, which is required for correct pkgsrc operation. Simply substitute “bmake” for “make” in pkgsrc documentation.

Posted by tom shaw on January 17, 2011 at 12:17 PM UTC #

Hi Tom, thanks for the info. Can't understand why it won't work with the "make" command?

Posted by Matt at Clean My PC on April 02, 2011 at 10:35 AM UTC #
