d61816fcb2
Changes from previous version:
+ rely on an embedded sha1 digest to tell whether the vulnerabilities
file has been damaged in transit or received successfully, rather than
trusting that the file will not grow smaller
+ use the new filename "pkg-vulnerabilities"
+ use definitions from defs.${OPSYS}.mk in the download-vulnerability-list
script
+ at installation time, don't rely on "ln -sf" to DTRT - explicitly call
"rm -f" before attempting the symbolc link
With thanks to seb@ for testing.
22 lines
865 B
Text
22 lines
865 B
Text
===========================================================================
|
|
$NetBSD: MESSAGE,v 1.3 2003/09/02 10:20:27 agc Exp $
|
|
|
|
You may wish to have the vulnerabilities file downloaded daily so that
|
|
it remains current. This may be done by adding an appropriate entry
|
|
to the root users crontab(5) entry. For example the entry
|
|
|
|
# download vulnerabilities file
|
|
0 3 * * * ${PREFIX}/sbin/download-vulnerability-list >/dev/null 2>&1
|
|
|
|
will update the vulnerability list every day at 3AM. You may wish to do
|
|
this more often than once a day.
|
|
|
|
In addition, you may wish to run the package audit from the daily
|
|
security script. This may be accomplished by adding the following
|
|
lines to /etc/security.local
|
|
|
|
if [ -x ${PREFIX}/sbin/audit-packages ]; then
|
|
${PREFIX}/sbin/audit-packages
|
|
fi
|
|
|
|
===========================================================================
|