37 lines
1.4 KiB
Text
37 lines
1.4 KiB
Text
===========================================================================
|
|
$NetBSD: MESSAGE,v 1.6 2014/12/05 14:31:07 schmonz Exp $
|
|
|
|
You may wish to have the vulnerabilities file downloaded daily so that
|
|
it remains current. This may be done by adding an appropriate entry
|
|
to a user's crontab(5) entry. For example the entry
|
|
|
|
# download vulnerabilities file
|
|
0 3 * * * ${PREFIX}/sbin/pkg_admin fetch-pkg-vulnerabilities >/dev/null 2>&1
|
|
|
|
will update the vulnerability list every day at 3AM. You may wish to do
|
|
this more often than once a day.
|
|
|
|
In addition, you may wish to run the package audit from the daily
|
|
security script. This may be accomplished by adding the following
|
|
lines to /etc/security.local
|
|
|
|
if [ -x ${PREFIX}/sbin/pkg_admin ]; then
|
|
${PREFIX}/sbin/pkg_admin audit
|
|
fi
|
|
|
|
Alternatively this can also be acomplished by adding an entry to a user's
|
|
crontab(5) file. e.g.:
|
|
|
|
# run audit-packages
|
|
0 3 * * * ${PREFIX}/sbin/pkg_admin audit
|
|
|
|
Both pkg_admin subcommands can be run as as an unprivileged user,
|
|
as long as the user chosen has permission to read the pkgdb and to write
|
|
the pkg-vulnerabilities to ${PKGVULNDIR}.
|
|
|
|
The behavior of pkg_admin and pkg_add can be customised with
|
|
pkg_install.conf. Please see pkg_install.conf(5) for details.
|
|
|
|
If you want to use GPG signature verification you will need to install
|
|
GnuPG and set the path for GPG appropriately in your pkg_install.conf.
|
|
===========================================================================
|