On 8/28/2012 1:47 PM, David Newman wrote:
1. On a 8.0-RELEASE system, I'm having a problem with the automake14
port, where the portaudit port reports this vulnerability:
http://portaudit.freebsd.org/10f38033-e006-11e1-9304-.html
Refreshing the ports collection with 'portsnap
On 8/28/12 11:53 AM, Bryan Drewery wrote:
On 8/28/2012 1:47 PM, David Newman wrote:
1. On a 8.0-RELEASE system, I'm having a problem with the automake14
port, where the portaudit port reports this vulnerability:
http://portaudit.freebsd.org/10f38033-e006-11e1-9304-.html
On Fri, 25 Dec 2009 23:45:39 -0800
Nerius Landys nlan...@gmail.com replied:
For the past week or so, portaudit has been warning me that the
installed version of php on my system (php5-5.2.11_1) has known
vulnerabilties. Fair enough. However, I've not seen a fix in the
ports tree since then.
For the past week or so, portaudit has been warning me that the
installed version of php on my system (php5-5.2.11_1) has known
vulnerabilties. Fair enough. However, I've not seen a fix in the ports
tree since then. Is my only option to deinstall php until this gets
fixed?
Hi. I've been
Hi again,
Today portaudit works fine with
${portaudit_sites=http://portaudit.FreeBSD.org/}
Now I need to change this option in portaudit on all servers.
Regards
Arek
--
Arek Czereszewski
arek (at) wup-katowice (dot) pl
UNIX allows me to work smarter, not harder.
On Wednesday 01 July 2009 08:02:47 Arek Czereszewski wrote:
Hi,
On all my servers I have portaudit version 0.5.13
If I try update audit database (by hand or from periodic script)
I have:
# portaudit -Fd
auditfile.tbz 100% of 53 kB 39 kBps
portaudit:
On Wednesday, 1 July 2009 02:02:47 Arek Czereszewski wrote:
Hi,
On all my servers I have portaudit version 0.5.13
If I try update audit database (by hand or from periodic script)
I have:
# portaudit -Fd
auditfile.tbz 100% of 53 kB 39 kBps
portaudit:
I believe I am incorrect. I checked further and it looks like
$daily_status_security_portaudit_enable defaults to YES in the
portaudit script so it should run fine. Everything seems to be
working. I don't know why I thought it wasn't running before. Sorry
for the trouble. Thanks.
On Sat, Dec 20,
Thank you Sahil Tandon
I have solved the problem. My ISP uses proxy for http (I think) as I have
closed off port 80 and opened port 8080, and that has got me to the web
with no problem. I have also been able to use ports installation with my
ipf firewall setup, so I could not understand why
Cristian KLEIN ha scritto:
But have you tried running these commands from the shell? It is very important
to check the scripts with the above SHELL PATH environment. If the above works
from the shell, I'm pretty much out of ideas too.
Yes, and it did work.
In the end I realized the problem
Cristian KLEIN ha scritto:
I used to have problem with cron scripts, because cron uses another PATH then
what the script gets if it's run from the shell. Could you try the following
(assuming sh):
export SHELL=/bin/sh
export PATH=/etc:/bin:/sbin:/usr/bin:/usr/sbin
export HOME=/var/log
periodic
Andrea Venturoli wrote:
Cristian KLEIN ha scritto:
I used to have problem with cron scripts, because cron uses another
PATH then
what the script gets if it's run from the shell. Could you try the
following
(assuming sh):
export SHELL=/bin/sh
export
Andrea Venturoli wrote:
Hello.
I'm running a dozen boxes (most being 6.2) with portaudit installed and
I usually get a port vulnerability report in the daily security run.
On one box, however, portaudit's db won't update automatically. The
security reports will mention no vulnerability,
On Mon, 26 Nov 2007 12:45:56 +0200
Cristian KLEIN [EMAIL PROTECTED] wrote:
Andrea Venturoli wrote:
On one box, however, portaudit's db won't update automatically. The
security reports will mention no vulnerability, even when I know
they are there.
Running periodic daily from a shell
RW ha scritto:
Have you checked its clock?
Yep.
# date
Fri Nov 23 18:13:17 CET 2007
Seems fine to me.
Also, it's running ntp, although I'd excpect something better from it.
bye Thanks
av.
___
freebsd-questions@freebsd.org mailing list
On Fri, 23 Nov 2007 10:28:31 +0100
Andrea Venturoli [EMAIL PROTECTED] wrote:
Hello.
I'm running a dozen boxes (most being 6.2) with portaudit installed
and I usually get a port vulnerability report in the daily security
run.
On one box, however, portaudit's db won't update automatically.
Jim Angstadt wrote:
Hi All,
I'm new to FreeBSD.
The daily security report lists 9 problems with
installed packages.
In an earlier message I was advised to use the ports
system to avoid dealing with package dependencies.
Thanks to all for that advice.
So I have done the cvsup,
Michael C. Shultz [EMAIL PROTECTED] writes:
On Sunday 30 October 2005 22:45, you wrote:
G'day.
[...]
I can't work out how to tell portaudit to stop bothering me about
[a single] particular vulnerability, though.
Can I ask it to exclude a vulnerability, or (ever better) a
On Sunday 30 October 2005 22:45, you wrote:
G'day. I am relatively new to FreeBSD, but failed to find an answer to
this question in the handbook, manual pages, or other references about
portaudit:
At the moment, portaudit is reporting one vulnerability on my system,
with the
Wright Jim Contractor 14MDSS/SGSI wrote:
I guess my question is this.
How do I use the FreeBSD tools, Ports/Packages, etc, to install this latest
version??
Or am I missing the concept altogether ?
( I understand the process of downloading this latest version and installing
it manually. Just
On Wed, 28 Sep 2005 15:07:40 -0500, Wright Jim Contractor 14MDSS/SGSI [EMAIL
PROTECTED]
Subject: portaudit question.
Wrote these words of wisdom:
To keep the story short:
I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005;
pasted from the dmesg.boot file.
To
- Original Message -
From: Wright Jim Contractor 14MDSS/SGSI [EMAIL PROTECTED]
To: freebsd-questions@FreeBSD.org
Sent: Wednesday, September 28, 2005 1:07 PM
Subject: portaudit question.
To keep the story short:
I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT
Wright Jim Contractor 14MDSS/SGSI wrote:
To keep the story short:
I'm using version FreeBSD 5.4-RELEASE #6: Thu Aug 25 09:12:43 CDT 2005;
pasted from the dmesg.boot file.
To the best of my knowledge, I'm using CVSup, pkgdb -F, and portupgrade
commands correctly.
But, I'm pretty sure I'm
Good news about the wget-devel I wasnt aware it was been updated
again, when this problem first occured both versions of wget were
affected.
It appears in nighly security logs so can get annoying after a while.
Chris
On 5/21/05, Thomas Hurst [EMAIL PROTECTED] wrote:
* Tony Shadwick ([EMAIL
* Chris ([EMAIL PROTECTED]) wrote:
This annoys me as well, I expect portaudit to alert me when an update
is available to fix an exploit, but wget has no update so what is the
point of the warning, there also seems to be no way to shut it up.
portaudit_fixed is only for OS bugs (i.e.
On Saturday 21 May 2005 06:29 am, Robert S wrote:
8I've just started playing around with FreeBSD. One of my main
priorities of an OS is ease of upgrading. If I run portaudit, I get
a list of insecure packages (here is an excerpt from the output):
Affected package: firefox-1.0.3,1
Type of
I'd like to see it done, but I know just enough sh scripting to be
dangerous. ;)
If it were perl I'd be all over it. Any takers? :)
On Sat, 21 May 2005, Thomas Hurst wrote:
* Chris ([EMAIL PROTECTED]) wrote:
This annoys me as well, I expect portaudit to alert me when an update
is
On Sat, May 21, 2005 at 01:29:11PM +, Robert S wrote:
8I've just started playing around with FreeBSD. One of my main
priorities of an OS is ease of upgrading. If I run portaudit, I get a
list of insecure packages (here is an excerpt from the output):
Affected package: firefox-1.0.3,1
* Tony Shadwick ([EMAIL PROTECTED]) wrote:
I'd like to see it done, but I know just enough sh scripting to be
dangerous. ;)
If it were perl I'd be all over it. Any takers? :)
Well, the relevent bit is actually written in awk :)
The attached patch seems to do the trick. Note
* Robert S [2005-05-21 13:29 -]
Are fixes not necessarily made available when security vulnerabilities
are found?
No, fixes are not *necessarily* made available, although the most often
are. As Kent pointed out, your specific problem should long be fixed. See
the thread about portaudit
This annoys me as well, I expect portaudit to alert me when an update
is available to fix an exploit, but wget has no update so what is the
point of the warning, there also seems to be no way to shut it up.
Chris
On 5/17/05, Tony Shadwick [EMAIL PROTECTED] wrote:
This is driving me nuts. I
On Fri, 20 May 2005 13:43:29 +0100
Chris [EMAIL PROTECTED] wrote:
This annoys me as well, I expect portaudit to alert me when an update
is available to fix an exploit, but wget has no update so what is the
point of the warning, there also seems to be no way to shut it up.
Chris
On
Thomas S. Crum wrote:
Is there something that I am not updating that portaudit
would like to see
done or is this just a generic warning. Either way, please provide
examples of what I might due to have it stop complaining. I
can find no
examples googling the portaudit note below.
# Here's
Thomas S. Crum - AAA Web Solution, Inc. wrote:
Is there something that I am not updating that portaudit would like to see
done or is this just a generic warning. Either way, please provide
examples of what I might due to have it stop complaining. I can find no
examples googling the portaudit note
On Fri, 10 Dec 2004 09:19:15 -0500, Thomas S. Crum - AAA Web Solution,
Inc. [EMAIL PROTECTED] wrote:
Is there something that I am not updating that portaudit would like to see
done or is this just a generic warning. Either way, please provide
examples of what I might due to have it stop
On Wed, Sep 08, 2004 at 10:01:23AM -0500, Chris wrote:
While running portaudit, I get the complaint;
Affected package: FreeBSD-502010
Type of problem: multiple vulnerabilities in the cvs server code.
Reference:
Matthew Seaman wrote:
On Wed, Sep 08, 2004 at 10:01:23AM -0500, Chris wrote:
While running portaudit, I get the complaint;
Affected package: FreeBSD-502010
Type of problem: multiple vulnerabilities in the cvs server code.
Reference:
hi,
actually I have many fetchaudit daily script running from previous days:
root1310 0.0 0.1 1088 536 ?? I 6Apr04 0:00.02 /bin/sh
/usr/local/etc/periodic/daily/330.fetchaudit
root 68392 0.0 0.1 1088 536 ?? I 7Apr04 0:00.02 /bin/sh
this is the problem:
fetch: ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/eik/auditfile.tbz:
Syntax
error, command unrecognized
I have my mailbox full of error like these over half gigs for each cron
report and this is generating traffic
thanks
Rick
On Tue, 13 Apr 2004,
On Wed, 14 Apr 2004 12:30:58 -0600 (MDT)
RJ45 [EMAIL PROTECTED] wrote:
this is the problem:
fetch: ftp://ftp.cz.FreeBSD.org/pub/FreeBSD/ports/local-distfiles/eik/auditfile.tbz:
Syntax
error, command unrecognized
I have my mailbox full of error like these over half gigs for each cron
On Tue, 13 Apr 2004 14:04:04 -0600 (MDT)
RJ45 [EMAIL PROTECTED] wrote:
Hello,
I installed portaudit.
Since I installed it I noticed there are always ESTABLISHED connections to
some ftp servers:
tcp4 0 20 venus.51739freebsd.utcluj.r.ftp
ESTABLISHED
tcp4 0
41 matches
Mail list logo