Posts Tagged ‘FreeBSD audit’

Feb 15

Ensure portaudit and portupgrade are installed:

> cd /usr/ports/ports-mgmt/portaudit
> make install clean

> cd /usr/ports/ports-mgmt/portupgrade
> make install clean

> rehash

then simply run:
> portaudit -a

If you already have portaudit installed, ensure your portaudit database is up to date:
> portaudit -Fd

and upgrade affected packages using
> portupgrade <<package name>>

You might want to ensure your port’s database is up to date before hand using cvsup or portsnap

I would however recommend portsnap over cvsup – see excerpt from portsnap pkg-description file:

"Portsnap is a system for securely updating the ports tree by
distributing signed compressed snapshots.  This is the client
half of that system; it downloads compressed snapshots into
/usr/local/portsnap ("portsnap fetch") and uses those to extract
a ports tree into /usr/ports ("portsnap extract") or update an
existing tree ("portsnap update").

In addition to operating entirely over HTTP, portsnap can use under
a tenth of the bandwidth required by CVSup if a copy of the ports
tree is being updated every few days.

WWW: http://www.daemonology.net/portsnap/

- Colin Percival"

To install portsnap (if not already installed):

> cd /usr/ports/ports-mgmt/portsnap
> make install clean

Then simply run

> portsnap fetch update

For further information regarding FreeBSD vulnerability auditing, please see this great post:

http://blogs.techrepublic.com.com/security/?p=477