Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
PORTAUDIT(1)		   FreeBSD ports collection		  PORTAUDIT(1)

NAME
     portaudit -- system to check installed packages for known vulnerabilities

SYNOPSIS
     portaudit [-aCdFqvV] [-X days] [-f	file] [-r eregex] [pkg-name ...]

DESCRIPTION
     portaudit checks installed	packages for known vulnerabilities and gener-
     ates reports including references to security advisories.	Its intended
     audience is system	administrators and individual users.

     portaudit uses a database maintained by port committers and the FreeBSD
     security team to check if security	advisories for any installed packages
     exist.  Note that a current ports tree (or	any local copy of the ports
     tree) is not required for operation.

     This package also installs	a script into /usr/local/etc/periodic/security
     that regularly updates this database and includes a report	of vulnerable
     packages in the daily security report.

     If	you have a vulnerable package installed, you are advised to update or
     deinstall it immediately.

OPTIONS
     The following options are supported:

     -a	 Print a vulnerability report for all installed	packages.

     -C	 Print a vulnerability report for the port in the current working
	 directory.  Mostly useful for port developers.

     -d	 Print the creation date of the	database.

     -F	 Fetch the current database from the FreeBSD servers.

     -q	 Quiet mode.

     -V	 Show portaudit	version	number.

     -v	 Verbose mode.

     -X	days
	 Download a fresh database when	the local is at	least days old.

     -f	file
	 Check the packages listed in file for known vulnerabilities.

     -r	eregex
	 Restrict listed vulnerabilities to those where	a reference matches
	 egrep(1) pattern eregex.  Useful to test new entries.

     pkg-name ...
	 Test whether pkg-name is listed in the	audit database.

     If	no options are given, portaudit	prints a vulnerability report for all
     installed packages.

EXAMPLES
     Fetch the current database	and print its creation date:

	   portaudit -Fd

     Print a vulnerability report for all installed packages:

	   portaudit -a

     Print a vulnerability report for a	remote machine:

	   ssh remote.example pkg_info | awk '{	print $1 }' | xargs portaudit

     Print a vulnerability report for the local	INDEX:

	   portaudit -f	/usr/ports/INDEX-8

     Print a vulnerability report for the current set of prebuild packages:

	   curl	-l
	   ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/
	   | sed -n -e 's/.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -

FILES
     /usr/local/etc/portaudit.conf, /var/db/portaudit/auditfile.tbz

SEE ALSO
     ports(7), periodic.conf(5), http://portaudit.FreeBSD.org/,
     http://www.FreeBSD.org/security/#adv, http://VuXML.FreeBSD.org/.

BUGS
     Sure to be	some.

AUTHOR
     Oliver Eikemeier <eik@FreeBSD.org>

HISTORY
     Package auditing first appeared in	NetBSD 1.4.3.

FreeBSD	10.1			 June 21, 2009			  FreeBSD 10.1

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | FILES | SEE ALSO | BUGS | AUTHOR | HISTORY

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=portaudit&sektion=1&manpath=FreeBSD+8.2-RELEASE+and+Ports>

home | help