From TykWiki
Jump to navigationJump to search

Portaudit checks your installed ports for vulnerabilities. From the [man page]:

portaudit uses a database maintained by port committers and the FreeBSD 
security team to check if security advisories for any installed packages 

I like to have it installed because it is impossible to stay current with every single packages security announcements. It provides an easy way for me to know when I need to pay attention to a certain box.

Portaudit install a script in /usr/local/etc/periodic/security that keeps the vulnerability database up to date. It also puts a list of ports with vulnerabilities in daily security report sent to root, like in the bottom of this security run output mail from one of my boxes:

Checking setuid files and devices:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

doobie.tyknet.cn.dom pf denied packets:
+++ /tmp/security.ZbkQjw84	2009-03-10 05:09:41.000000000 +0100
+block drop log all [ Evaluations: 26537032 Packets: 1777 Bytes: 274697 States: 0 ]

doobie.tyknet.cn.dom kernel log messages:
+++ /tmp/security.BUzTspDS	2009-03-10 05:09:42.000000000 +0100

doobie.tyknet.cn.dom login failures:

doobie.tyknet.cn.dom refused connections:

Checking for a current audit database:

Downloading fresh database.
auditfile.tbz                                           54 kB   58 kBps
New database installed.
Database created: Tue Mar 10 04:40:01 CET 2009

Checking for packages with security vulnerabilities:

Affected package: curl-7.19.2
Type of problem: curl -- cURL/libcURL Location: Redirect URLs Security Bypass.
Reference: <http://www.FreeBSD.org/ports/portaudit/5d433534-f41c-402e-ade5-e0a2259a7cb6.html>

Affected package: awstats-6.8_1,1
Type of problem: awstats -- multiple XSS vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/27d78386-d35f-11dd-b800-001b77d09812.html>

Affected package: libspf2-1.0.4_1
Type of problem: libspf2 -- Buffer overflow.
Reference: <http://www.FreeBSD.org/ports/portaudit/2ddbfd29-a455-11dd-a55e-00163e000016.html>

3 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

-- End of security output --

As you can see, I have three packages on this system I need to update. This gives me an easy way of keeping an eye on many boxes at once. If you ever need to check for vulnerabilities right now, just run the command portaudit, you don't even need to be root to run it.

Portaudit has got to be one of the easiest pieces of software around:

  • Step 1: sudo portmaster /usr/ports/ports-mgmt/portaudit
  • Step 2: Check your mail daily to see if any vulnerabilities has been found in your installed ports.