DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 7th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 282
Thanked 5 Times in 5 Posts
Default WARNING: Vulnerability database out of date, checking anyway

I use FreeBSD 7 , and want install some packages by Port
If I want install some package I see this error

Code:
 WARNING: Vulnerability database out of date, checking anyway
How I fix this

I see this error in install ntop , enlightenment , gtk12 , ...
Reply With Quote
  #2   (View Single Post)  
Old 7th May 2008
mtx's Avatar
mtx mtx is offline
Real Name: Valentin Bud
Fdisk Soldier
 
Join Date: May 2008
Location: RO/TM
Posts: 79
Thanked 5 Times in 3 Posts
Default

have you installed /usr/ports/security/portaudit and ran
Code:
portaudit -Fda
-F to fetch the database from freebsd servers
-a to print the vulnerabilities or all installed packages
-d print the creation of the database
^ from the man page

all the best,
v
__________________
Stop! think! ... the problem is somewhere between the monitor and chair...
"First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi
links: spreadbsd syk
Reply With Quote
  #3   (View Single Post)  
Old 7th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 282
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by mtx View Post
have you installed /usr/ports/security/portaudit and ran
Code:
portaudit -Fda
-F to fetch the database from freebsd servers
-a to print the vulnerabilities or all installed packages
-d print the creation of the database
^ from the man page

all the best,
v
Yes I install this package and run it and find some package with security risk
Reply With Quote
  #4   (View Single Post)  
Old 7th May 2008
mtx's Avatar
mtx mtx is offline
Real Name: Valentin Bud
Fdisk Soldier
 
Join Date: May 2008
Location: RO/TM
Posts: 79
Thanked 5 Times in 3 Posts
Default

Quote:
Originally Posted by mfaridi View Post

Code:
 WARNING: Vulnerability database out of date, checking anyway
looks like you already had portaudit installed but the database was out of date.
refreshing the database should be done automatically from daily periodic scripts.

Quote:
Yes I install this package and run it and find some package with security risk
update those packages if you like to

all the best,
v
__________________
Stop! think! ... the problem is somewhere between the monitor and chair...
"First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi
links: spreadbsd syk
Reply With Quote
  #5   (View Single Post)  
Old 7th May 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,068
Thanked 198 Times in 156 Posts
Default

Well, you should see if the issues affect you, and uprade as neccesary.

The "Vulnerability database out of date" should be gone now, portaudit is now run on every port installation to make sure you're not installing ports with know security issues.

portaudit also added /usr/local/etc/periodic/security/410.portaudit
This script automatically updates the portaudit database and checks all ports for known vulnerabilities when periodic daily is run (usually from cron, it's in /etc/crontab by default).

To enable it add:
Code:
daily_status_security_portaudit_enable="YES"
to /etc/periodic.conf

See periodic(8) and periodic.conf(5), and portaudit(1) for more information.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #6   (View Single Post)  
Old 7th May 2008
mtx's Avatar
mtx mtx is offline
Real Name: Valentin Bud
Fdisk Soldier
 
Join Date: May 2008
Location: RO/TM
Posts: 79
Thanked 5 Times in 3 Posts
Default

Quote:
Originally Posted by Carpetsmoker View Post
To enable it add:
Code:
daily_status_security_portaudit_enable="YES"
to /etc/periodic.conf
@ Carpetsmoker
strange thing now that you mention it. i don't have an /etc/periodic.conf
file and never added
Code:
daily_status_security_portaudit_enable="YES"
to it _but_ the daily portaudit check still runs. how is that possible? thank you

all the best,
v
__________________
Stop! think! ... the problem is somewhere between the monitor and chair...
"First they ignore you, then they laugh at you, then they fight you, then you win." Gandhi
links: spreadbsd syk
Reply With Quote
  #7   (View Single Post)  
Old 7th May 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,068
Thanked 198 Times in 156 Posts
Default

Quote:
strange thing now that you mention it. i don't have an /etc/periodic.conf
periodic.conf works like rc.conf, the defaults are in /etc/defaults/periodic.conf and /etc/periodic.conf overrides these settings.

I see that portaudit is enabled by default, usually periodic scripts are disabled by default ...

I'm not sure why 410.portaudit didn't run for mfaridi then, maybe he disabled the periodic entries in crontab? Or disabled 410.portaudit in /etc/periodic.conf?
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #8   (View Single Post)  
Old 8th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 282
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by Carpetsmoker View Post
Well, you should see if the issues affect you, and uprade as neccesary.

The "Vulnerability database out of date" should be gone now, portaudit is now run on every port installation to make sure you're not installing ports with know security issues.

portaudit also added /usr/local/etc/periodic/security/410.portaudit
This script automatically updates the portaudit database and checks all ports for known vulnerabilities when periodic daily is run (usually from cron, it's in /etc/crontab by default).

To enable it add:
Code:
daily_status_security_portaudit_enable="YES"
to /etc/periodic.conf

See periodic(8) and periodic.conf(5), and portaudit(1) for more information.
But I can not find periodic.conf
Code:
/etc/
Reply With Quote
  #9   (View Single Post)  
Old 8th May 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Old man from scene 24
 
Join Date: Apr 2008
Location: Eindhoven, Netherlands
Posts: 2,068
Thanked 198 Times in 156 Posts
Default

As I said before:
periodic.conf works like rc.conf, the defaults are in /etc/defaults/periodic.conf and /etc/periodic.conf overrides these settings.

So this means the /etc/periodic.conf does not exist by default, and that you will have to create the file.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
Old 8th May 2008
mfaridi's Avatar
mfaridi mfaridi is offline
Spam Deminer
 
Join Date: May 2008
Location: Afghanistan
Posts: 282
Thanked 5 Times in 5 Posts
Default

Quote:
Originally Posted by Carpetsmoker View Post
As I said before:
periodic.conf works like rc.conf, the defaults are in /etc/defaults/periodic.conf and /etc/periodic.conf overrides these settings.

So this means the /etc/periodic.conf does not exist by default, and that you will have to create the file.
Ok thanks , I will do that
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
cvs warning message inquiry revzalot OpenBSD Installation and Upgrading 1 4th September 2009 12:12 PM
Vulnerability OldCoot OpenBSD Security 5 20th March 2009 07:44 PM
tcpdump snaplen WARNING bsdnewbie999 OpenBSD General 1 17th March 2009 03:24 AM
checking upgrade worked? carpman FreeBSD Installation and Upgrading 2 6th February 2009 11:37 PM
checking if UIC has KDE plugins available... ccc FreeBSD Ports and Packages 14 14th June 2008 09:36 PM


All times are GMT. The time now is 01:32 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick