Module Name: src
Committed By: jmmv
Date: Tue Jan 19 22:08:52 UTC 2010
Modified Files:
src/share/man/man5: daily.conf.5 security.conf.5
Log Message:
Document the new package-related maintenance options and security checks
in daily.conf and security.conf.
To generate a diff of this commit:
cvs rdiff -u -r1.24 -r1.25 src/share/man/man5/daily.conf.5
cvs rdiff -u -r1.33 -r1.34 src/share/man/man5/security.conf.5
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man5/daily.conf.5
diff -u src/share/man/man5/daily.conf.5:1.24 src/share/man/man5/daily.conf.5:1.25
--- src/share/man/man5/daily.conf.5:1.24 Wed Oct 28 02:31:44 2009
+++ src/share/man/man5/daily.conf.5 Tue Jan 19 22:08:52 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: daily.conf.5,v 1.24 2009/10/28 02:31:44 snj Exp $
+.\" $NetBSD: daily.conf.5,v 1.25 2010/01/19 22:08:52 jmmv Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd August 30, 2008
+.Dd January 19, 2010
.Dt DAILY.CONF 5
.Os
.Sh NAME
@@ -58,7 +58,7 @@
(Note that you should never edit
.Pa /etc/defaults/daily.conf
directly, as it is often replaced during system upgrades.)
-.Bl -tag -width purge_accounting
+.Bl -tag -width fetch_pkg_vulnerabilities
.It Sy find_core
This runs
.Xr find 1
@@ -136,6 +136,11 @@
.Xr skeyaudit 1
program to check the S/Key database and informs users of S/Keys that
are about to expire.
+.It Sy fetch_pkg_vulnerabilities
+Refreshes the local database of package vulnerabilities.
+See the settings in
+.Xr security.conf 5
+for details on the actual package checks.
.El
.Pp
The variables described below can be set to modify the tests:
@@ -163,6 +168,10 @@
If set, the report generated by the
.Sy run_security
phase will always be sent, even if it is empty.
+.It Sy pkgdb_dir
+Location of the packages database.
+Defaults to
+.Pa /var/db/pkg .
.El
.Sh FILES
.Bl -tag -width /etc/defaults/daily.conf -compact
Index: src/share/man/man5/security.conf.5
diff -u src/share/man/man5/security.conf.5:1.33 src/share/man/man5/security.conf.5:1.34
--- src/share/man/man5/security.conf.5:1.33 Thu May 29 14:51:25 2008
+++ src/share/man/man5/security.conf.5 Tue Jan 19 22:08:52 2010
@@ -1,4 +1,4 @@
-.\" $NetBSD: security.conf.5,v 1.33 2008/05/29 14:51:25 mrg Exp $
+.\" $NetBSD: security.conf.5,v 1.34 2010/01/19 22:08:52 jmmv Exp $
.\"
.\" Copyright (c) 1996 Matthew R. Green
.\" All rights reserved.
@@ -24,7 +24,7 @@
.\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
.\" SUCH DAMAGE.
.\"
-.Dd May 29, 2006
+.Dd January 19, 2010
.Dt SECURITY.CONF 5
.Os
.Sh NAME
@@ -46,7 +46,7 @@
.Pa /etc/daily.conf .
.Pp
The variables described below can be set to "NO" to disable the test:
-.Bl -tag -width check_network
+.Bl -tag -width check_pkg_vulnerabilities
.It Sy check_passwd
This checks the
.Pa /etc/master.passwd
@@ -151,6 +151,17 @@
This includes files such as
.Pa /etc/master.passwd .
.El
+.It Sy check_pkg_vulnerabilities
+Checks the currently installed packages against a database of known
+vulnerabilities and reports those that are vulnerable.
+Check the
+.Sy fetch_pkg_vulnerabilities
+setting in
+.Xr daily.conf 5
+to keep the database up to date.
+.It Sy check_pkg_signatures
+Checks the digital signature of all files installed by packages against
+the expected values stored in the packages database.
.El
.Pp
The variables described below can be set to modify the tests:
