« FreeBSD Resource | Main | 10MB or 100MB Uplink? »

June 12, 2005

portaudit

After the email server problem, I started to pay close attention to the ports update, the lesson told me it's ultra important to keep all packages up to date. Actually all information about how to handle ports is in the handbook, read it carefully if you haven't, only several small pages.

Besides CVSup to keep your ports tree up to date, another very important program is portaudit, it's extremely convenient to monitor all installed packages.

portaudit checks installed packages for known vulnerabilities and generates reports including references to security advisories.

Two simple commands get everything done:
1. Fetch the current database of known vulnerabilities from the FreeBSD servers. It's recommended to run this command before you install any new ports, you will be warned if you are installing a package with known vulnerabilities.
# portaudit -F

2. Print a vulnerability report for all installed packages, can you find any other easier means? ;-)
% portaudit -a (Here I use % to indicate that the command doesn't need root privilege, this rule applies to all new blog entries).

Portaudit follow-up

I ran "portaudit -a" on my server and got the following report, updated all packages except for MySQL, I just can't start it, and no error messages. (Update: this is due to the changes of mysql start script)

Category : Security

Posted by FreeBSD Newbie at June 12, 2005 02:06 AM

Comments

Post a comment

Name:

Email Address:
(Optional, will not be shown to the public)

Remember Me? YesNo

Comments: (Comment with any URL will be discarded due to crazy spambots.