Skip site navigation (1)Skip section navigation (2)

FreeBSD Man Pages

Man Page or Keyword Search:
Man Architecture
Apropos Keyword Search (all sections) Output format
home | help
PORTAUDIT(1)             1 (freebsd ports collection)             PORTAUDIT(1)

NAME
     portaudit - system to check installed packages for known vulnerabilities

SYNOPSIS
     portaudit [-aCdFqvV] [-X days] [-f file] [-r eregex] [pkg-name ...]

DESCRIPTION
     portaudit checks installed packages for known vulnerabilities and
     generates reports including references to security advisories.  Its
     intended audience is system administrators and individual users.

     portaudit uses a database maintained by port committers and the FreeBSD
     security team to check if security advisories for any installed packages
     exist.  Note that a current ports tree (or any local copy of the ports
     tree) is not required for operation.

     This package also installs a script into /usr/local/etc/periodic/security
     that regularly updates this database and includes a report of vulnerable
     packages in the daily security report.

     If you have a vulnerable package installed, you are advised to update or
     deinstall it immediately.

OPTIONS
     The following options are supported:

     -a     Print a vulnerability report for all installed packages.

     -C     Print a vulnerability report for the port in the current working
            directory.  Mostly useful for port developers.

     -d     Print the creation date of the database.

     -F     Fetch the current database from the FreeBSD servers.

     -q     Quiet mode.

     -V     Show portaudit version number.

     -v     Verbose mode.

     -X days
            Download a fresh database when the local is at least days old.

     -f file
            Check the packages listed in file for known vulnerabilities.

     -r eregex
            Restrict listed vulnerabilities to those where a reference matches
            egrep(1) pattern eregex.  Useful to test new entries.

     pkg-name ...
            Test whether pkg-name is listed in the audit database.

     If no options are given, portaudit prints a vulnerability report for all
     installed packages.

EXAMPLES
     Fetch the current database and print its creation date:

           portaudit -Fd

     Print a vulnerability report for all installed packages:

           portaudit -a

     Print a vulnerability report for a remote machine:

           ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit

     Print a vulnerability report for the local INDEX:

           portaudit -f /usr/ports/INDEX-8

     Print a vulnerability report for the current set of prebuild packages:

           curl -l
           ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/
           | sed -n -e 's/.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -

FILES
     /usr/local/etc/portaudit.conf, /var/db/portaudit/auditfile.tbz

SEE ALSO
     ports(7), periodic.conf(5), http://portaudit.FreeBSD.org/,
     http://www.FreeBSD.org/security/#adv, http://VuXML.FreeBSD.org/.

BUGS
     Sure to be some.

AUTHOR
     Oliver Eikemeier <eik@FreeBSD.org>

HISTORY
     Package auditing first appeared in NetBSD 1.4.3.

FreeBSD 11.0-PRERELEASE          June 21, 2009         FreeBSD 11.0-PRERELEASE

NAME | SYNOPSIS | DESCRIPTION | OPTIONS | EXAMPLES | FILES | SEE ALSO | BUGS | AUTHOR | HISTORY

Want to link to this manual page? Use this URL:
<https://www.freebsd.org/cgi/man.cgi?query=portaudit&sektion=1&manpath=FreeBSD+8.2-RELEASE+and+Ports>

home | help