FreeBSD: How to enable vulnerability check while installing a port?

Posted on: 14 May 2008
Author: mandrei
Section: Server Operating Systems | Problems and Solutions

The FreeBSD ports system is one of the most mature package installation systems. It can check each port for known vulnerabilities when you install it:

[/usr/ports/www/apache13]# make install clean
===> Fetching all distfiles for apache-1.3.29_1 and dependencies
===> Vulnerability check disabled

The above message is displayed when vulnerability check is not enabled.

Enabling port vulnerability check in FreeBSD

# cd /usr/ports/ports-mgmt/portaudit && make install clean

 Note: If your ports collection is very outdated, you will find this port in /usr/ports/security/portaudit instead, but you will most probably not be able to install it from there; update your ports collection first.

Now the vulnerability check on your FreeBSD system is enabled, and every port will be checked for vulnerabilities upon installation.

[/usr/ports/www/apache13-modssl]# make install clean
apache13-modssl-1.3.30 has known vulnerabilities:

=> apache13-modssl -- format string vulnerability in proxy support.
Reference: <http://www.freebsd.org/ports/portaudit/18974c8a-1fbd-11d9-814e-0001020eed82.html>
=> Please update your ports tree and try again.
*** Error code 1

Stop in /usr/ports/www/apache13-modssl.

 This message appears when, after installing portaudit, you try to install a port for which there is a vulnerability report.

To get the latest vulnerability database for portaudit, run:
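
One way to audit saved build logs for the two messages shown above, as an added example that is not part of the original article. The names `audit_build_log` and `sample_log` are hypothetical, the sample log is constructed from the excerpts on this page, and the parser assumes the message layout shown in them.

```sh
#!/bin/sh
# Added example: classify ports build logs by vulnerability-check outcome.
# Message layouts are assumed to match the excerpts quoted in this article.

# Hypothetical helper: reads a build log on stdin, prints one tab-separated
# BLOCKED line per finding and a final SUMMARY line.
audit_build_log() {
    awk '
        # The build ran with the check off, so nothing was audited.
        /^===> +Vulnerability check disabled/ { unchecked++ }

        # "<pkg> has known vulnerabilities:" opens a blocked-install report.
        / has known vulnerabilities:$/ { pkg = $1; next }

        # The closing advice line ends the report for this package.
        /^=> Please update/ { pkg = ""; next }

        # "=> <description>" names one problem.
        pkg != "" && /^=> / { desc = substr($0, 4); next }

        # "Reference: <url>" completes the finding; drop the angle brackets.
        pkg != "" && /^Reference: / {
            url = $2; gsub(/[<>]/, "", url)
            printf "BLOCKED\t%s\t%s\t%s\n", pkg, desc, url
            blocked++
        }

        END { printf "SUMMARY\tblocked=%d\tunchecked=%d\n", blocked, unchecked }
    '
}

# Constructed sample: the two excerpts from this article joined into one log.
sample_log() {
    cat <<'EOF'
===> Fetching all distfiles for apache-1.3.29_1 and dependencies
===> Vulnerability check disabled
apache13-modssl-1.3.30 has known vulnerabilities:

=> apache13-modssl -- format string vulnerability in proxy support.
Reference: <http://www.freebsd.org/ports/portaudit/18974c8a-1fbd-11d9-814e-0001020eed82.html>
=> Please update your ports tree and try again.
*** Error code 1
EOF
}

sample_log | audit_build_log
```

A non-zero `unchecked` count in the summary means at least one port in the log was built without the vulnerability check.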

# portaudit -Fd

 or set up a cron job to do this daily.

Examples:
     Fetch the current database and print its creation date:

# portaudit -Fd


     Print a vulnerability report for all installed packages:

# portaudit -a


     Print a vulnerability report for a remote machine:

# ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit


     Print a vulnerability report for the local INDEX:

# portaudit -f /usr/ports/INDEX-6


     Print a vulnerability report for the current set of prebuilt packages:

# curl -l ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ \
    | sed -n -e 's/\.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -

 

Below is output from man portaudit:        

PORTAUDIT(1)               FreeBSD ports collection               PORTAUDIT(1)

NAME
     portaudit -- system to check installed packages for known vulnerabilities

SYNOPSIS
     portaudit [-aCdFqvV] [-X days] [-f file] [-r eregex] [pkg-name ...]

DESCRIPTION
     portaudit checks installed packages for known vulnerabilities and gener-
     ates reports including references to security advisories.  Its intended
     audience is system administrators and individual users.

     portaudit uses a database maintained by port committers and the FreeBSD
     security team to check if security advisories for any installed packages
     exist.  Note that a current ports tree (or any local copy of the ports
     tree) is not required for operation.

     This package also installs a script into /usr/local/etc/periodic/security
     that regularly updates this database and includes a report of vulnerable
     packages in the daily security report.

     If you have a vulnerable package installed, you are advised to update or
     deinstall it immediately.

OPTIONS
     The following options are supported:

     -a  Print a vulnerability report for all installed packages.

     -C  Print a vulnerability report for the port in the current working
         directory.  Mostly useful for port developers.

     -d  Print the creation date of the database.

     -F  Fetch the current database from the FreeBSD servers.

     -q  Quiet mode.

     -V  Show portaudit version number.

     -v  Verbose mode.

     -X days
         Download a fresh database when the local is at least days old.

     -f file
         Check the packages listed in file for known vulnerabilities.

     -r eregex
         Restrict listed vulnerabilities to those where a reference matches
         egrep(1) pattern eregex.  Useful to test new entries.

     pkg-name ...
         Test whether pkg-name is listed in the audit database.

     If no options are given, portaudit prints a vulnerability report for all
     installed packages.
1 comment(s) to FreeBSD: How to enable vulnerability check while installing a port?:

1. Re: FreeBSD: How to enable vulnerability check while installing a port?
hoi by good at January 04th, 2012 - 05:20
is very good
