Portaudit
Portaudit checks your installed ports for vulnerabilities. From the [man page]:
portaudit uses a database maintained by port committers and the FreeBSD security team to check if security advisories for any installed packages exist.
I like to have it installed because it is impossible to stay current with every single package's security announcements. It provides an easy way for me to know when I need to pay attention to a certain box.
Portaudit installs a script in /usr/local/etc/periodic/security that keeps the vulnerability database up to date. It also puts a list of ports with vulnerabilities in the daily security report sent to root, like at the bottom of this security run output mail from one of my boxes:
```
Checking setuid files and devices:

Checking for uids of 0:
root 0
toor 0

Checking for passwordless accounts:

doobie.tyknet.cn.dom pf denied packets:
+++ /tmp/security.ZbkQjw84 2009-03-10 05:09:41.000000000 +0100
+block drop log all [ Evaluations: 26537032 Packets: 1777 Bytes: 274697 States: 0 ]

doobie.tyknet.cn.dom kernel log messages:
+++ /tmp/security.BUzTspDS 2009-03-10 05:09:42.000000000 +0100

doobie.tyknet.cn.dom login failures:

doobie.tyknet.cn.dom refused connections:

Checking for a current audit database:
Downloading fresh database.
auditfile.tbz 54 kB 58 kBps
New database installed.
Database created: Tue Mar 10 04:40:01 CET 2009

Checking for packages with security vulnerabilities:
Affected package: curl-7.19.2
Type of problem: curl -- cURL/libcURL Location: Redirect URLs Security Bypass.
Reference: <http://www.FreeBSD.org/ports/portaudit/5d433534-f41c-402e-ade5-e0a2259a7cb6.html>

Affected package: awstats-6.8_1,1
Type of problem: awstats -- multiple XSS vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/27d78386-d35f-11dd-b800-001b77d09812.html>

Affected package: libspf2-1.0.4_1
Type of problem: libspf2 -- Buffer overflow.
Reference: <http://www.FreeBSD.org/ports/portaudit/2ddbfd29-a455-11dd-a55e-00163e000016.html>

3 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.

-- End of security output --
```
As you can see, I have three packages on this system I need to update. This gives me an easy way of keeping an eye on many boxes at once. If you ever need to check for vulnerabilities right now, just run the command portaudit; you don't even need to be root to run it.
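When you are watching many boxes, it helps to reduce each report to one line per affected package so the results can be collected in one place. The script below is an added example, not part of portaudit or the periodic scripts; its sample input is constructed from the report quoted above, and the fixed field offsets it uses for the "Affected package:", "Type of problem:" and "Reference:" lines are an assumption about the report layout.

```sh
#!/bin/sh
# Added example: summarise the "Affected package:" entries of a portaudit
# security report into "package<TAB>problem<TAB>reference" lines.
# Sample input constructed from the report shown in the post.
SAMPLE_REPORT='Checking for packages with security vulnerabilities:
Affected package: curl-7.19.2
Type of problem: curl -- cURL/libcURL Location: Redirect URLs Security Bypass.
Reference: <http://www.FreeBSD.org/ports/portaudit/5d433534-f41c-402e-ade5-e0a2259a7cb6.html>

Affected package: awstats-6.8_1,1
Type of problem: awstats -- multiple XSS vulnerabilities.
Reference: <http://www.FreeBSD.org/ports/portaudit/27d78386-d35f-11dd-b800-001b77d09812.html>

Affected package: libspf2-1.0.4_1
Type of problem: libspf2 -- Buffer overflow.
Reference: <http://www.FreeBSD.org/ports/portaudit/2ddbfd29-a455-11dd-a55e-00163e000016.html>

3 problem(s) in your installed packages found.'

# summarise_audit: read a report on stdin and print one tab-separated line
# per affected package. The substr offsets assume the exact label text
# "Affected package: ", "Type of problem: " and "Reference: ".
summarise_audit() {
    awk '
        /^Affected package: / { pkg = substr($0, 19) }
        /^Type of problem: /  { prob = substr($0, 18) }
        /^Reference: /        {
            ref = substr($0, 12)
            gsub(/[<>]/, "", ref)          # strip the angle brackets around the URL
            printf "%s\t%s\t%s\n", pkg, prob, ref
        }
    '
}

# count_affected: print the number of affected packages parsed from stdin,
# cross-checked against the report's own "N problem(s)" summary line.
# Returns 1 if the two disagree (a sign the report format changed).
count_affected() {
    report=$(cat)
    n=$(printf '%s\n' "$report" | summarise_audit | wc -l | tr -d ' ')
    claimed=$(printf '%s\n' "$report" | awk '/problem\(s\) in your installed packages found/ { print $1 }')
    [ "$n" = "${claimed:-$n}" ] || { echo "count mismatch: parsed $n, report says $claimed" >&2; return 1; }
    echo "$n"
}

printf '%s\n' "$SAMPLE_REPORT" | summarise_audit
printf '%s\n' "$SAMPLE_REPORT" | count_affected
```

On a real box, the same two functions can be fed the saved security mail or the output of a manual portaudit run in place of the constructed sample.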
Portaudit has got to be one of the easiest pieces of software around:
- Step 1: sudo portmaster /usr/ports/ports-mgmt/portaudit
- Step 2: Check your mail daily to see if any vulnerabilities have been found in your installed ports.