Ensure portaudit and portupgrade are installed:
> cd /usr/ports/ports-mgmt/portaudit
> make install clean
> cd /usr/ports/ports-mgmt/portupgrade
> make install clean
> rehash
then simply run:
> portaudit -a
If you already have portaudit installed, ensure your portaudit database is up to date:
> portaudit -Fd
and upgrade affected packages using
> portupgrade <<package name>>
You might want to ensure your ports database is up to date beforehand using cvsup or portsnap.
I would, however, recommend portsnap over cvsup; see this excerpt from the portsnap pkg-description file:
"Portsnap is a system for securely updating the ports tree by distributing signed compressed snapshots. This is the client half of that system; it downloads compressed snapshots into /usr/local/portsnap ("portsnap fetch") and uses those to extract a ports tree into /usr/ports ("portsnap extract") or update an existing tree ("portsnap update"). In addition to operating entirely over HTTP, portsnap can use under a tenth of the bandwidth required by CVSup if a copy of the ports tree is being updated every few days. WWW: http://www.daemonology.net/portsnap/ - Colin Percival"
To install portsnap (if not already installed):
> cd /usr/ports/ports-mgmt/portsnap
> make install clean
Then simply run:
> portsnap fetch update
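The audit-then-upgrade steps above can be tied together by turning the audit report into a list of portupgrade commands. The script below is an added example, not part of the original post: it assumes portaudit reports each finding on a line starting with "Affected package:", and the function names and the sample report (package names, versions, reference placeholders) are constructed for illustration.

```shell
#!/bin/sh
# Added example: derive a de-duplicated upgrade plan from `portaudit -a` output.
# Assumption: each finding is reported as "Affected package: <name>-<version>".

# Constructed sample report; packages, versions and references are made up.
sample_audit_output() {
cat <<'EOF'
Affected package: examplelib-1.2.3_1
Type of problem: examplelib -- buffer overflow.
Reference: <URL-PLACEHOLDER-1>

Affected package: examplelib-1.2.3_1
Type of problem: examplelib -- integer overflow.
Reference: <URL-PLACEHOLDER-2>

Affected package: demo-httpd-2.0.1,1
Type of problem: demo-httpd -- information disclosure.
Reference: <URL-PLACEHOLDER-3>

3 problem(s) in your installed packages found.
EOF
}

# Read a report on stdin and print each affected <name>-<version> once.
# A package with several advisories appears several times in the report.
affected_packages() {
    sed -n 's/^Affected package: //p' | sort -u
}

# Read a report on stdin and print one "portupgrade <name>" line per package.
# The version is everything after the last hyphen (port versions never
# contain a hyphen, so names such as demo-httpd stay intact).
upgrade_plan() {
    affected_packages | sed 's/-[^-]*$//' | sort -u | sed 's/^/portupgrade /'
}

# Print the plan for the sample report; nothing is executed or upgraded.
sample_audit_output | upgrade_plan
```

On a live system, pipe `portaudit -a` into `upgrade_plan` in place of the sample function and review the printed commands before running them.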
For further information regarding FreeBSD vulnerability auditing, please see this great post:
http://blogs.techrepublic.com.com/security/?p=477