Module Name: src Committed By: jmmv Date: Tue Jan 19 22:08:52 UTC 2010
Modified Files: src/share/man/man5: daily.conf.5 security.conf.5 Log Message: Document the new package-related maintenance options and security checks in daily.conf and security.conf. To generate a diff of this commit: cvs rdiff -u -r1.24 -r1.25 src/share/man/man5/daily.conf.5 cvs rdiff -u -r1.33 -r1.34 src/share/man/man5/security.conf.5 Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files: Index: src/share/man/man5/daily.conf.5 diff -u src/share/man/man5/daily.conf.5:1.24 src/share/man/man5/daily.conf.5:1.25 --- src/share/man/man5/daily.conf.5:1.24 Wed Oct 28 02:31:44 2009 +++ src/share/man/man5/daily.conf.5 Tue Jan 19 22:08:52 2010 @@ -1,4 +1,4 @@ -.\" $NetBSD: daily.conf.5,v 1.24 2009/10/28 02:31:44 snj Exp $ +.\" $NetBSD: daily.conf.5,v 1.25 2010/01/19 22:08:52 jmmv Exp $ .\" .\" Copyright (c) 1996 Matthew R. Green .\" All rights reserved. @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd August 30, 2008 +.Dd January 19, 2010 .Dt DAILY.CONF 5 .Os .Sh NAME @@ -58,7 +58,7 @@ (Note that you should never edit .Pa /etc/defaults/daily.conf directly, as it is often replaced during system upgrades.) -.Bl -tag -width purge_accounting +.Bl -tag -width fetch_pkg_vulnerabilities .It Sy find_core This runs .Xr find 1 @@ -136,6 +136,11 @@ .Xr skeyaudit 1 program to check the S/Key database and informs users of S/Keys that are about to expire. +.It Sy fetch_pkg_vulnerabilities +Refreshes the local database of package vulnerabilities. +See the settings in +.Xr security.conf 5 +for details on the actual package checks. .El .Pp The variables described below can be set to modify the tests: @@ -163,6 +168,10 @@ If set, the report generated by the .Sy run_security phase will always be sent, even if it is empty. +.It Sy pkgdb_dir +Location of the packages database. +Defaults to +.Pa /var/db/pkg . .El .Sh FILES .Bl -tag -width /etc/defaults/daily.conf -compact Index: src/share/man/man5/security.conf.5 diff -u src/share/man/man5/security.conf.5:1.33 src/share/man/man5/security.conf.5:1.34 --- src/share/man/man5/security.conf.5:1.33 Thu May 29 14:51:25 2008 +++ src/share/man/man5/security.conf.5 Tue Jan 19 22:08:52 2010 @@ -1,4 +1,4 @@ -.\" $NetBSD: security.conf.5,v 1.33 2008/05/29 14:51:25 mrg Exp $ +.\" $NetBSD: security.conf.5,v 1.34 2010/01/19 22:08:52 jmmv Exp $ .\" .\" Copyright (c) 1996 Matthew R. Green .\" All rights reserved. @@ -24,7 +24,7 @@ .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF .\" SUCH DAMAGE. .\" -.Dd May 29, 2006 +.Dd January 19, 2010 .Dt SECURITY.CONF 5 .Os .Sh NAME @@ -46,7 +46,7 @@ .Pa /etc/daily.conf . .Pp The variables described below can be set to "NO" to disable the test: -.Bl -tag -width check_network +.Bl -tag -width check_pkg_vulnerabilities .It Sy check_passwd This checks the .Pa /etc/master.passwd @@ -151,6 +151,17 @@ This includes files such as .Pa /etc/master.passwd . .El +.It Sy check_pkg_vulnerabilities +Checks the currently installed packages against a database of known +vulnerabilities and reports those that are vulnerable. +Check the +.Sy fetch_pkg_vulnerabilities +setting in +.Xr daily.conf 5 +to keep the database up to date. +.It Sy check_pkg_signatures +Checks the digital signature of all files installed by packages against +the expected values stored in the packages database. .El .Pp The variables described below can be set to modify the tests: