mirror of
https://git.FreeBSD.org/ports.git
synced 2024-12-26 05:02:18 +00:00
176 lines
4.5 KiB
Groff
176 lines
4.5 KiB
Groff
.\" Copyright (c) 2004 Oliver Eikemeier. All rights reserved.
|
|
.\"
|
|
.\" Redistribution and use in source and binary forms, with or without
|
|
.\" modification, are permitted provided that the following conditions are
|
|
.\" met:
|
|
.\"
|
|
.\" 1. Redistributions of source code must retain the above copyright notice
|
|
.\" this list of conditions and the following disclaimer.
|
|
.\"
|
|
.\" 2. Redistributions in binary form must reproduce the above copyright
|
|
.\" notice, this list of conditions and the following disclaimer in the
|
|
.\" documentation and/or other materials provided with the distribution.
|
|
.\"
|
|
.\" 3. Neither the name of the author nor the names of its contributors may be
|
|
.\" used to endorse or promote products derived from this software without
|
|
.\" specific prior written permission.
|
|
.\"
|
|
.\" THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES,
|
|
.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
|
|
.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
|
|
.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
|
|
.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
|
|
.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
|
|
.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
|
|
.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
|
|
.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
|
|
.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
|
|
.\"
|
|
.\" $FreeBSD$
|
|
.\"
|
|
.Dd March 15, 2007
|
|
.Os
|
|
.Dt PORTAUDIT \&1 "FreeBSD ports collection"
|
|
.
|
|
.
|
|
.Sh NAME
|
|
.
|
|
.Nm portaudit
|
|
.Nd system to check installed packages for known vulnerabilities
|
|
.
|
|
.
|
|
.Sh SYNOPSIS
|
|
.
|
|
.Nm
|
|
.Op Fl aCdFqvV
|
|
.Op Fl X Ar days
|
|
.Op Fl f Ar file
|
|
.Op Fl r Ar eregex
|
|
.Op Ar pkg-name ...
|
|
.
|
|
.
|
|
.Sh DESCRIPTION
|
|
.
|
|
.Nm
|
|
checks installed packages for known vulnerabilities and generates reports
|
|
including references to security advisories.
|
|
Its intended audience is system administrators and individual users.
|
|
.Pp
|
|
.Nm
|
|
uses a database maintained by port committers and the FreeBSD security team
|
|
to check if security advisories for any installed packages exist.
|
|
Note that a current ports tree (or any local copy of the ports tree) is not
|
|
required for operation.
|
|
.Pp
|
|
This package also installs a script into %%PREFIX%%/etc/periodic/security
|
|
that regularly updates this database and includes a report of vulnerable
|
|
packages in the daily security report.
|
|
.Pp
|
|
If you have a vulnerable package installed, you are advised to update or
|
|
deinstall it immediately.
|
|
.
|
|
.
|
|
.Sh OPTIONS
|
|
.
|
|
The following options are supported:
|
|
.Bl -tag -width ".Fl X"
|
|
.It Fl a
|
|
Print a vulnerability report for all installed packages.
|
|
.It Fl C
|
|
Print a vulnerability report for the port in the current working directory.
|
|
Mostly useful for port developers.
|
|
.It Fl d
|
|
Print the creation date of the database.
|
|
.It Fl F
|
|
Fetch the current database from the
|
|
.Fx
|
|
servers.
|
|
.It Fl q
|
|
Quiet mode.
|
|
.It Fl V
|
|
Show
|
|
.Nm
|
|
version number.
|
|
.It Fl v
|
|
Verbose mode.
|
|
.It Fl X Ar days
|
|
Download a fresh database when the local is at least
|
|
.Ar days
|
|
old.
|
|
.It Fl f Ar file
|
|
Check the packages listed in
|
|
.Ar file
|
|
for known vulnerabilities.
|
|
.It Fl r Ar eregex
|
|
Restrict listed vulnerabilities to those where a reference matches
|
|
.Xr egrep 1
|
|
pattern
|
|
.Ar eregex .
|
|
Useful to test new entries.
|
|
.It Ar pkg-name ...
|
|
Test whether
|
|
.Ar pkg-name
|
|
is listed in the audit database.
|
|
.El
|
|
.Pp
|
|
If no options are given,
|
|
.Nm
|
|
prints a vulnerability report for all installed packages.
|
|
.
|
|
.
|
|
.Sh EXAMPLES
|
|
.
|
|
.Bl -item
|
|
.It
|
|
Fetch the current database and print its creation date:
|
|
.Pp
|
|
.Dl "portaudit -Fd"
|
|
.It
|
|
Print a vulnerability report for all installed packages:
|
|
.Pp
|
|
.Dl "portaudit -a"
|
|
.It
|
|
Print a vulnerability report for a remote machine:
|
|
.Pp
|
|
.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit"
|
|
.It
|
|
Print a vulnerability report for the local INDEX:
|
|
.Pp
|
|
.Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%"
|
|
.It
|
|
Print a vulnerability report for the current set of prebuild packages:
|
|
.Pp
|
|
.Dl "curl -l ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ | sed -n -e 's/\.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -"
|
|
.El
|
|
.
|
|
.
|
|
.Sh FILES
|
|
.
|
|
.Pa %%PREFIX%%/etc/portaudit.conf ,
|
|
.Pa %%DATABASEDIR%%/auditfile.tbz
|
|
.
|
|
.
|
|
.Sh SEE ALSO
|
|
.
|
|
.Xr ports 7 ,
|
|
.Xr periodic.conf 5 ,
|
|
.Pa http://www.FreeBSD.org/ports/portaudit/ ,
|
|
.Pa http://www.FreeBSD.org/security/#adv ,
|
|
.Pa http://VuXML.FreeBSD.org/ .
|
|
.
|
|
.
|
|
.Sh BUGS
|
|
.
|
|
Sure to be some.
|
|
.
|
|
.
|
|
.Sh AUTHOR
|
|
.
|
|
.An Oliver Eikemeier Aq eik@FreeBSD.org
|
|
.
|
|
.
|
|
.Sh HISTORY
|
|
.
|
|
Package auditing first appeared in
|
|
.Nx 1.4.3 .
|