diff options
Diffstat (limited to 'ports-mgmt/portaudit')
-rw-r--r-- | ports-mgmt/portaudit/Makefile | 82 | ||||
-rw-r--r-- | ports-mgmt/portaudit/files/portaudit-cmd.sh | 474 | ||||
-rw-r--r-- | ports-mgmt/portaudit/files/portaudit.1 | 175 | ||||
-rw-r--r-- | ports-mgmt/portaudit/files/portaudit.conf | 19 | ||||
-rw-r--r-- | ports-mgmt/portaudit/files/portaudit.sh | 61 | ||||
-rw-r--r-- | ports-mgmt/portaudit/pkg-deinstall | 19 | ||||
-rw-r--r-- | ports-mgmt/portaudit/pkg-descr | 16 | ||||
-rw-r--r-- | ports-mgmt/portaudit/pkg-install | 36 | ||||
-rw-r--r-- | ports-mgmt/portaudit/pkg-plist | 7 | ||||
-rw-r--r-- | ports-mgmt/portaudit/pkg-req | 32 |
10 files changed, 0 insertions, 921 deletions
diff --git a/ports-mgmt/portaudit/Makefile b/ports-mgmt/portaudit/Makefile deleted file mode 100644 index 914dd0c95f35..000000000000 --- a/ports-mgmt/portaudit/Makefile +++ /dev/null @@ -1,82 +0,0 @@ -# New ports collection makefile for: portaudit -# Date created: 25 Jan 2004 -# Whom: Oliver Eikemeier -# -# $FreeBSD$ -# - -PORTNAME= portaudit -PORTVERSION= 0.5.10 -CATEGORIES= security -DISTFILES= - -MAINTAINER= secteam@FreeBSD.org -COMMENT= Checks installed ports against a list of security vulnerabilities - -MAN1= portaudit.1 - -PERIODICDIR?= ${PREFIX}/etc/periodic -DATABASEDIR?= /var/db/portaudit - -PKGREQ= ${WRKDIR}/pkg-req -PKGINSTALL= ${WRKDIR}/pkg-install -PKGDEINSTALL= ${WRKDIR}/pkg-deinstall - -PLIST_SUB+= PERIODICDIR="${PERIODICDIR:S,^${PREFIX}/,,}" \ - DATABASEDIR="${DATABASEDIR}" - -REQPKGVER= 20040623 - -SED_SCRIPT= -e 's|%%PREFIX%%|${PREFIX}|g' \ - -e 's|%%LOCALBASE%%|${LOCALBASE}|g' \ - -e "s|%%PORTSDIR%%|${PORTSDIR}|g" \ - -e "s|%%INDEXFILE%%|${INDEXFILE}|g" \ - -e "s|%%DATABASEDIR%%|${DATABASEDIR}|g" \ - -e "s|%%PORTVERSION%%|${PORTVERSION}|g" \ - -e "s|%%REQPKGVER%%|${REQPKGVER}|g" \ - -e "s|%%BZIP2_CMD%%|${BZIP2_CMD}|g" \ - -.include <bsd.port.pre.mk> - -.if !defined(DFOSVERSION) -.if ${OSVERSION} < 491101 || ${OSVERSION} >= 500000 && ${OSVERSION} < 502120 -RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel -.endif -.else -.if ${DFOSVERSION} < 110000 -RUN_DEPENDS= ${LOCALBASE}/sbin/pkg_info:${PORTSDIR}/sysutils/pkg_install-devel -.endif -.endif - -.if defined(BZIP2DEPENDS) -RUN_DEPENDS+= bzip2:${PORTSDIR}/archivers/bzip2 -.endif - -do-build: -.for f in portaudit-cmd.sh portaudit.sh portaudit.1 portaudit.conf - @${SED} ${SED_SCRIPT} ${FILESDIR}/${f} >${WRKDIR}/${f} -.endfor - -post-build: -.for f in pkg-req pkg-install pkg-deinstall - @${SED} ${SED_SCRIPT} ${PKGDIR}/${f} >${WRKDIR}/${f} -.endfor - -pre-install: -.if !defined(PACKAGE_BUILDING) - @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGREQ} ${PKGNAME} INSTALL -.endif - @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} PRE-INSTALL - -do-install: - @${INSTALL_SCRIPT} ${WRKDIR}/portaudit-cmd.sh ${PREFIX}/sbin/portaudit - @${INSTALL_DATA} ${WRKDIR}/portaudit.conf ${PREFIX}/etc/portaudit.conf.sample - @${INSTALL_MAN} ${WRKDIR}/portaudit.1 ${MAN1PREFIX}/man/man1 - @${MKDIR} ${PERIODICDIR}/security - @${INSTALL_SCRIPT} ${WRKDIR}/portaudit.sh ${PERIODICDIR}/security/410.portaudit - @${MKDIR} ${DATABASEDIR} - -post-install: - @${SETENV} "PKG_PREFIX=${PREFIX}" ${SH} ${PKGINSTALL} ${PKGNAME} POST-INSTALL - -.include <bsd.port.post.mk> diff --git a/ports-mgmt/portaudit/files/portaudit-cmd.sh b/ports-mgmt/portaudit/files/portaudit-cmd.sh deleted file mode 100644 index b16c7e368dab..000000000000 --- a/ports-mgmt/portaudit/files/portaudit-cmd.sh +++ /dev/null @@ -1,474 +0,0 @@ -#!/bin/sh -efu -# -# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# 1. Redistributions of source code must retain the above copyright notice -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the author nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# $FreeBSD$ -# - -portaudit_confs() -{ - : ${portaudit_dir="%%DATABASEDIR%%"} - : ${portaudit_filename="auditfile.tbz"} - - : ${portaudit_fetch_env=""} - : ${portaudit_fetch_cmd="fetch -1mp"} - - : ${portaudit_sites="http://www.FreeBSD.org/ports/"} - - : ${portaudit_fixed=""} - - if [ -r %%PREFIX%%/etc/portaudit.conf ]; then - . %%PREFIX%%/etc/portaudit.conf - fi -} - -extract_auditfile() -{ - %%BZIP2_CMD%% -dc -- "$portaudit_dir/$portaudit_filename" | \ - tar -xOf - auditfile -} - -checksum_auditfile() -{ - chksum1=`extract_auditfile | - sed -nE -e '$s/^#CHECKSUM: *MD5 *([0-9a-f]{32})$/\1/p'` - chksum2=`extract_auditfile | sed -e '$d' | md5` - [ "$chksum1" = "$chksum2" ]; -} - -getcreated_auditfile() -{ - extract_auditfile | - sed -nE -e '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}) *([0-9]{2}):?([0-9]{2}):?([0-9]{2}).*$/\1-\2-\3 \4:\5:\6/p' -} - -gettimestamp_auditfile() -{ - extract_auditfile | - sed -nE -e '1s/^#CREATED: *([0-9]{4})-?([0-9]{2})-?([0-9]{2}).*$/\1\2\3/p' -} - -checkexpiry_auditfile() -{ - created=`gettimestamp_auditfile` - expiry=`date -u -v-$1d '+%Y%m%d'` - [ "$created" -gt "$expiry" ]; -} - -portaudit_prerequisites() -{ - if $prerequisites_checked; then - return 0 - fi - - if [ -z "${pkg_info:-}" ]; then - if [ -x "%%LOCALBASE%%/sbin/pkg_info" ]; then - pkg_info="%%LOCALBASE%%/sbin/pkg_info" - else - pkg_info="/usr/sbin/pkg_info" - fi - fi - - if [ -z "${pkg_version:-}"]; then - case "$pkg_info" in - */*) - pkg_version="${pkg_info%/*}/pkg_version";; - *) - pkg_version="pkg_version";; - esac - fi - - PKG_INSTALL_VER=`$pkg_info -qP 2>/dev/null` - if [ -z "$PKG_INSTALL_VER" -o "$PKG_INSTALL_VER" -lt %%REQPKGVER%% ]; then - echo "$pkg_info is too old, please update port sysutils/pkg_install-devel" - return 1 - fi - - if [ ! -r "$portaudit_dir/$portaudit_filename" ]; then - echo "portaudit: Database missing, run \`portaudit -F' to update." >&2 - return 2 - elif ! checksum_auditfile; then - echo "portaudit: Corrupt database." >&2 - return 2 - elif ! checkexpiry_auditfile 14; then - echo "portaudit: Database too old." >&2 - return 2 - fi - - prerequisites_checked=true - return 0 -} - -audit_installed() -{ - local rc=0 - local osversion=`sysctl -n kern.osreldate` - - fixedre=`echo -n $portaudit_fixed | tr -c '[:alnum:]- \t\n' 'x' | tr -s ' \t\n' '|'` - - extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' - BEGIN { vul=0; fixedre="'"$fixedre"'" } - /^(#|\$)/ { next } - $2 !~ /'"$opt_restrict"'/ { next } - $1 ~ /^FreeBSD[<=>!]/ { - if (fixedre && $2 ~ fixedre) next - if (!system("'"$pkg_version"' -T \"FreeBSD-'"$osversion"'\" \"" $1 "\"")) { - print_affected("FreeBSD-'"$osversion"'", \ - "To disable this check add the uuid to \`portaudit_fixed'"'"' in %%PREFIX%%/etc/portaudit.conf") - } - next - } - { - cmd="'"$pkg_info"' -E \"" $1 "\"" - while((cmd | getline pkg) > 0) { - vul++ - print_affected(pkg, "") - } - close(cmd) - } - END { - if ("'$opt_quiet'" == "false") { - print vul " problem(s) in your installed packages found." - } - if (vul > 0) { - if ("'$opt_quiet'" == "false") { - print "\nYou are advised to update or deinstall" \ - " the affected package(s) immediately." - } - exit(1) - } - } - ' || rc=$? - - return $rc -} - -audit_file() -{ - local rc=0 - local TMPFILE= - - case "$1" in - -) - TMPFILE=`mktemp -t portaudit` - cat > "$TMPFILE" - FILE="$TMPFILE" - ;; - http://*|ftp://*|https://*|file://*) - echo "portaudit: Can't audit remote file $1" >&2 - return 2 - ;; - *) - if [ -r "$1" ]; then - FILE="$1" - else - echo "portaudit: Can't read $1" >&2 - return 2 - fi - ;; - esac - - extract_auditfile | awk -F\| "$PRINTAFFECTED_AWK"' - BEGIN { vul=0 } - /^(#|\$)/ { next } - { - cmd="'"$pkg_version"' -T - \"" $1 "\" <\"'"$FILE"'\"" - while((cmd | getline pkg) > 0) { - if ($2 !~ /'"$opt_restrict"'/) - continue - vul++ - print_affected(pkg, "") - } - close(cmd) - } - END { - print vul " problem(s) found." - if (vul > 0) { - exit(1) - } - } - ' || rc=$? - - if [ -n "$TMPFILE" ]; then - rm "$TMPFILE" - fi - return $rc -} - -audit_args() -{ - local VULCNT=0 - while [ $# -gt 0 ]; do - case "$1" in - /*|-) - echo "portaudit: $1 is a file, please use the -f option" >&2 - ;; - http://*|ftp://*|https://*|file://*) - echo "portaudit: Can't audit remote file $1" >&2 - ;; - *) - if VLIST=`extract_auditfile | awk -F\| ' - /^(#|\$)/ { next } - $2 !~ /'"$opt_restrict"'/ { next } - { print } - ' | $pkg_version -T "$1" -`; then - VULCNT=$(($VULCNT+1)) - echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$1"'", "") } - ' - fi - ;; - esac - shift - done - $opt_quiet || echo "$VULCNT problem(s) found." - if [ $VULCNT -gt 0 ]; then - return 1 - fi -} - -audit_cwd() -{ - if [ ! -r "Makefile" ]; then - echo "portaudit: No Makefile here" >&2 - return 2 - fi - - PKGNAME=`make -VPKGNAME 2>/dev/null || true"` - - if [ -z "$PKGNAME" ]; then - echo "portaudit: Can't determine the package name" >&2 - return 2 - fi - - if VLIST=`extract_auditfile | awk -F\| ' - /^(#|\$)/ { next } - $2 !~ /'"$opt_restrict"'/ { next } - { print } - ' | $pkg_version -T "$PKGNAME" -`; then - echo "$VLIST" | awk -F\| "$PRINTAFFECTED_AWK"' - { print_affected("'"$PKGNAME"'", "") } - ' - return 1 - fi -} - -fetch_auditfile() -{ - local rc=2 - - if [ ! -d "$portaudit_dir" ]; then - if ! mkdir -p "$portaudit_dir"; then - echo "Couldn't create $portaudit_dir, try running \`portaudit -F' as root" >&2 - return 2 - fi - fi - if [ ! -w "$portaudit_dir" ]; then - echo "Couldn't write to $portaudit_dir, try running \`portaudit -F' as root" >&2 - return 2 - - fi - cd "$portaudit_dir" - if [ -r "$portaudit_filename" ]; then - cp -f "$portaudit_filename" "$portaudit_filename.old" - fi - - $opt_verbose && echo "Attempting to fetch from $portaudit_sites." - urls=`echo "$portaudit_sites" | tr -s ' \t' '\n' | sed -E -e "s/?\$/$portaudit_filename"` - - if ! env $portaudit_fetch_env $portaudit_fetch_cmd $urls; then - echo "Couldn't fetch database." >&2 - elif [ ! -f "$portaudit_dir/$portaudit_filename" ] ; then - echo "portaudit: No database." >&2 - elif ! checksum_auditfile; then - echo "portaudit: Database corrupt." >&2 - elif ! checkexpiry_auditfile 7; then - echo "portaudit: Database too old." >&2 - else - $opt_quiet || echo "New database installed." - rc=0 - break - fi - - if [ -f "$portaudit_filename.old" ]; then - if [ $rc -eq 0 ]; then - rm -f "$portaudit_filename.old" - else - mv -f "$portaudit_filename.old" "$portaudit_filename" - $opt_quiet || echo "Old database restored." - fi - fi - if [ -f "$portaudit_filename" ]; then - chmod a=r "$portaudit_filename" - fi - - return $rc -} - -portaudit_confs - -opt_audit=false -opt_auditcwd=false -opt_dbversion=false -opt_fetch=false -opt_file= -opt_quiet=false -opt_restrict= -opt_verbose=false -opt_version=false -opt_expiry= - -if [ $# -eq 0 ] ; then - opt_audit=true -fi - -while getopts aCdf:Fqr:vVX: opt; do - case "$opt" in - a) - opt_audit=true;; - C) - opt_auditcwd=true;; - d) - opt_dbversion=true;; - f) - opt_file="$OPTARG";; - F) - opt_fetch=true;; - q) - opt_quiet=true;; - r) - opt_restrict="$OPTARG";; - v) - opt_verbose=true;; - V) - opt_version=true;; - X) - opt_expiry="$OPTARG";; - ?) - echo "Usage: $0 -aCdFVvq [-X days] [-r pattern] [-f file] [pkg-name ...]" - exit 2;; - esac -done - -shift $(($OPTIND-1)) - -ret=0 - -if $opt_version; then - echo "portaudit version %%PORTVERSION%%" -fi - -if $opt_fetch; then - if ! fetch_auditfile; then - echo "portaudit: Download failed." >&2 - exit 2 - fi -elif [ -n "$opt_expiry" ]; then - if [ ! -r "$portaudit_dir/$portaudit_filename" ] || ! checkexpiry_auditfile "$opt_expiry"; then - $opt_quiet || echo "Downloading fresh database." - if ! fetch_auditfile; then - echo "portaudit: Download failed." >&2 - exit 2 - fi - ret=1 - fi -fi - -if $opt_dbversion; then - if [ ! -f "$portaudit_dir/$portaudit_filename" ]; then - echo "portaudit: Database missing, run \`portaudit -F' to update." >&2 - exit 2 - fi - if ! checksum_auditfile; then - echo "portaudit: Database corrupt." >&2 - exit 2 - fi - created=`getcreated_auditfile` - echo "Database created: `date -j -f '%Y-%m-%d %H:%M:%S %Z' \"$created GMT\"`" -fi - -prerequisites_checked=false - -if $opt_quiet; then - PRINTAFFECTED_AWK=' - function print_affected(apkg, note) { - print apkg - } - ' -elif $opt_verbose; then - PRINTAFFECTED_AWK=' - function print_affected(apkg, note) { - split(apkg, thepkg) - print "Affected package: " thepkg[1] " (matched by " $1 ")" - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - if (note) - print "Note: " note - print "" - } - ' -else - PRINTAFFECTED_AWK=' - function print_affected(apkg, note) { - split(apkg, thepkg) - print "Affected package: " thepkg[1] - print "Type of problem: " $3 "." - split($2, ref, / /) - for (r in ref) - print "Reference: <" ref[r] ">" - if (note) - print "Note: " note - print "" - } - ' -fi - -if $opt_audit; then - portaudit_prerequisites - audit_installed || ret=$? -fi - -if $opt_auditcwd; then - portaudit_prerequisites - audit_cwd || ret=$? -fi - -if [ -n "$opt_file" ]; then - portaudit_prerequisites - audit_file "$opt_file" || ret=$? -fi - -if [ $# -gt 0 ]; then - portaudit_prerequisites - audit_args "$@" || ret=$? -fi - -exit $ret diff --git a/ports-mgmt/portaudit/files/portaudit.1 b/ports-mgmt/portaudit/files/portaudit.1 deleted file mode 100644 index da683a2a6e8b..000000000000 --- a/ports-mgmt/portaudit/files/portaudit.1 +++ /dev/null @@ -1,175 +0,0 @@ -.\" Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -.\" -.\" Redistribution and use in source and binary forms, with or without -.\" modification, are permitted provided that the following conditions are -.\" met: -.\" -.\" 1. Redistributions of source code must retain the above copyright notice -.\" this list of conditions and the following disclaimer. -.\" -.\" 2. Redistributions in binary form must reproduce the above copyright -.\" notice, this list of conditions and the following disclaimer in the -.\" documentation and/or other materials provided with the distribution. -.\" -.\" 3. Neither the name of the author nor the names of its contributors may be -.\" used to endorse or promote products derived from this software without -.\" specific prior written permission. -.\" -.\" THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -.\" INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -.\" AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -.\" COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -.\" INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -.\" NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -.\" DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -.\" THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -.\" (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -.\" THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -.\" -.\" $FreeBSD$ -.\" -.Dd July 3, 2005 -.Os -.Dt PORTAUDIT \&1 "FreeBSD ports collection" -. -. -.Sh NAME -. -.Nm portaudit -.Nd system to check installed packages for known vulnerabilities -. -. -.Sh SYNOPSIS -. -.Nm -.Op Fl aCdFqvV -.Op Fl X Ar days -.Op Fl f Ar file -.Op Fl r Ar eregex -.Op Ar pkg-name ... -. -. -.Sh DESCRIPTION -. -.Nm -checks installed packages for known vulnerabilities and generates reports -including references to security advisories. -Its intended audience is system administrators and individual users. -.Pp -.Nm -uses a database maintained by port committers and the FreeBSD security team -to check if security advisories for any installed packages exist. -Note that a current ports tree (or any local copy of the ports tree) is not -required for operation. -.Pp -This package also installs a script into %%PREFIX%%/etc/periodic/security -that regularly updates this database and includes a report of vulnerable -packages in the daily security report. -.Pp -If you have a vulnerable package installed, you are advised to update or -deinstall it immediately. -. -. -.Sh OPTIONS -. -The following options are supported: -.Bl -tag -width ".Fl X" -.It Fl a -Print a vulnerability report for all installed packages. -.It Fl C -Print a vulnerability report for the port in the current working directory. -Mostly useful for port developers. -.It Fl d -Print the creation date of the database. -.It Fl F -Fetch the current database from the -.Fx -servers. -.It Fl q -Quiet mode. -.It Fl V -Show -.Nm -version number. -.It Fl v -Verbose mode. -.It Fl X Ar days -Download a fresh database when the local is at least -.Ar days -old. -.It Fl f Ar file -Check the packages listed in -.Ar file -for known vulnerabilities. -.It Fl r Ar eregex -Restrict listed vulnerabilities to those where a reference matches -.Xr egrep 1 -pattern -.Ar eregex . -Useful to test new entries. -.It Ar pkg-name ... -Test whether -.Ar pkg-name -is listed in the audit database. -.El -.Pp -If no options are given, -.Nm -prints a vulnerability report for all installed packages. -. -. -.Sh EXAMPLES -. -.Bl -item -.It -Fetch the current database and print its creation date: -.Pp -.Dl "portaudit -Fd" -.It -Print a vulnerability report for all installed packages: -.Pp -.Dl "portaudit -a" -.It -Print a vulnerability report for a remote machine: -.Pp -.Dl "ssh remote.example pkg_info | awk '{ print $1 }' | xargs portaudit" -.It -Print a vulnerability report for the local INDEX: -.Pp -.Dl "portaudit -f %%PORTSDIR%%/%%INDEXFILE%%" -.It -Print a vulnerability report for the current set of prebuild packages: -.Pp -.Dl "curl -l ftp://ftp.FreeBSD.org/pub/FreeBSD/ports/i386/packages-5-current/All/ | sed -n -e 's/\.t[bg]z[[:cntrl:]]*$//p' | portaudit -f -" -.El -. -. -.Sh FILES -. -.Pa %%PREFIX%%/etc/portaudit.conf , -.Pa %%DATABASEDIR%%/auditfile.tbz -. -. -.Sh SEE ALSO -. -.Xr ports 7 , -.Xr periodic.conf 5 , -.Pa http://www.FreeBSD.org/ports/portaudit/ , -.Pa http://www.FreeBSD.org/security/#adv , -.Pa http://FreeBSD.VuXML.org/ . -. -. -.Sh BUGS -. -Sure to be some. -. -. -.Sh AUTHOR -. -.An Oliver Eikemeier Aq eik@FreeBSD.org -. -. -.Sh HISTORY -. -Package auditing first appeared in -.Nx 1.4.3 . diff --git a/ports-mgmt/portaudit/files/portaudit.conf b/ports-mgmt/portaudit/files/portaudit.conf deleted file mode 100644 index c4b7362594c8..000000000000 --- a/ports-mgmt/portaudit/files/portaudit.conf +++ /dev/null @@ -1,19 +0,0 @@ -# -# Sample configuration file for portaudit(1) -# -# copy to %%PREFIX%%/etc/portaudit.conf -# -# $FreeBSD$ -# - -# specify a proxy if needed, see fetch(3) -#portaudit_fetch_env="FTP_PROXY=http://ftp.proxy.sample/ HTTP_PROXY=http://http.proxy.sample:80/" - -# default fetch command -#portaudit_fetch_cmd="fetch -1amp" - -# specify a local mirror that generates databases with portaudit-db here -#portaudit_sites="http://www.FreeBSD.org/ports/" - -# this vulnerability has been fixed in your FreeBSD version -#portaudit_fixed="d2102505-f03d-11d8-81b0-000347a4fa7d" diff --git a/ports-mgmt/portaudit/files/portaudit.sh b/ports-mgmt/portaudit/files/portaudit.sh deleted file mode 100644 index 8e3b460ec750..000000000000 --- a/ports-mgmt/portaudit/files/portaudit.sh +++ /dev/null @@ -1,61 +0,0 @@ -#!/bin/sh -f -# -# Copyright (c) 2004 Oliver Eikemeier. All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are -# met: -# -# 1. Redistributions of source code must retain the above copyright notice -# this list of conditions and the following disclaimer. -# -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# -# 3. Neither the name of the author nor the names of its contributors may be -# used to endorse or promote products derived from this software without -# specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, -# INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY -# AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE -# COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, -# INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT -# NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, -# DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY -# THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT -# (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF -# THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. -# -# $FreeBSD$ -# - -# If there is a global system configuration file, suck it in. -# -if [ -r /etc/defaults/periodic.conf ]; then - . /etc/defaults/periodic.conf - source_periodic_confs -fi - -rc=0 -case "${daily_status_security_portaudit_enable:-YES}" in - [Nn][Oo]) - ;; - *) - echo - echo "Checking for a current audit database:" - echo - %%PREFIX%%/sbin/portaudit -X "${daily_status_security_portaudit_expiry:-2}" || rc=$? - if [ $rc -lt 2 ]; then - %%PREFIX%%/sbin/portaudit -d - echo - echo "Checking for packages with security vulnerabilities:" - echo - echo %%PREFIX%%/sbin/portaudit -a | - su -fm "${daily_status_security_portaudit_user:-nobody}" || rc=$? - fi - ;; -esac - -exit "$rc" diff --git a/ports-mgmt/portaudit/pkg-deinstall b/ports-mgmt/portaudit/pkg-deinstall deleted file mode 100644 index 948c7135abb6..000000000000 --- a/ports-mgmt/portaudit/pkg-deinstall +++ /dev/null @@ -1,19 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -case $2 in -POST-DEINSTALL) - echo - echo "The portaudit package has been deleted." - if [ -f "%%DATABASEDIR%%/auditfile.tbz" ]; then - echo "If you're *not* upgrading and won't be using" - echo "it any longer, you may want to remove the" - echo "portaudit database:" - echo - echo " rm -Rf %%DATABASEDIR%%" - fi - echo - ;; -esac diff --git a/ports-mgmt/portaudit/pkg-descr b/ports-mgmt/portaudit/pkg-descr deleted file mode 100644 index 9dd30dd115f6..000000000000 --- a/ports-mgmt/portaudit/pkg-descr +++ /dev/null @@ -1,16 +0,0 @@ -portaudit provides a system to check if installed ports are listed in a -database of published security vulnerabilities. - -After installation it will update this security database automatically and -include its reports in the output of the daily security run. - -If you have found a vulnerability not listed in the database, please contact -the FreeBSD Security Officer <security-officer@FreeBSD.org>. Refer to - - http://www.freebsd.org/security/#sec - -for more information. - -WWW: http://people.freebsd.org/~eik/portaudit/ - -Oliver Eikemeier <eik@FreeBSD.org> diff --git a/ports-mgmt/portaudit/pkg-install b/ports-mgmt/portaudit/pkg-install deleted file mode 100644 index 6ee3e0433e46..000000000000 --- a/ports-mgmt/portaudit/pkg-install +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -PREFIX="${PREFIX:-%%PREFIX%%}" - -case $2 in -PRE-INSTALL) - if egrep -qs "^(FETCH|MASTER_SITE)_" "$PREFIX/etc/portaudit.conf" ;then - echo - echo "*** WARNING ***" - echo - echo "The preference file format has changed. Please edit" - echo " $PREFIX/etc/portaudit.conf" - echo - fi - if egrep -qs "^daily_status_portaudit_" "/etc/periodic.conf" ;then - echo - echo "*** WARNING ***" - echo - echo "The periodic(8) names have changed. Please edit" - echo " /etc/periodic.conf" - echo - fi - ;; -POST-INSTALL) - if [ ! -f "%%DATABASEDIR%%/auditfile.tbz" ]; then - echo - echo "===> To check your installed ports for known vulnerabilities now, do:" - echo - echo " $PREFIX/sbin/portaudit -Fda" - echo - fi - ;; -esac diff --git a/ports-mgmt/portaudit/pkg-plist b/ports-mgmt/portaudit/pkg-plist deleted file mode 100644 index 84b4ccaaf52e..000000000000 --- a/ports-mgmt/portaudit/pkg-plist +++ /dev/null @@ -1,7 +0,0 @@ -sbin/portaudit -etc/portaudit.conf.sample -%%PERIODICDIR%%/security/410.portaudit -@unexec rmdir %D/%%PERIODICDIR%%/security 2>/dev/null || true -@unexec rmdir %D/%%PERIODICDIR%% 2>/dev/null || true -@exec mkdir -p %%DATABASEDIR%% -@unexec rmdir %%DATABASEDIR%% 2>/dev/null || true diff --git a/ports-mgmt/portaudit/pkg-req b/ports-mgmt/portaudit/pkg-req deleted file mode 100644 index 5a8ba2d087db..000000000000 --- a/ports-mgmt/portaudit/pkg-req +++ /dev/null @@ -1,32 +0,0 @@ -#!/bin/sh -# -# $FreeBSD$ -# - -case $2 in -INSTALL) - if [ -z "${PKG_INFO}" ]; then - if [ -x "%%LOCALBASE%%/sbin/pkg_info" ]; then - PKG_INFO="%%LOCALBASE%%/sbin/pkg_info" - else - PKG_INFO="/usr/sbin/pkg_info" - fi - fi - - if [ ! -x "${PKG_INFO}" ]; then - echo "${PKG_INFO} missing, please install port sysutils/pkg_install-devel" - exit 1 - fi - - PKG_INSTALL_VER=`${PKG_INFO} -qP 2>/dev/null` - if [ -z "${PKG_INSTALL_VER}" -o "${PKG_INSTALL_VER}" -lt %%REQPKGVER%% ]; then - echo "${PKG_INFO} is too old, please update port sysutils/pkg_install-devel" - exit 1 - fi - - if [ "`echo FreeBSD | tr -s .`" != "FreeBSD" ]; then - echo "tr(1) is broken." - exit 1 - fi - ;; -esac |