Module Name: src
Committed By: jruoho
Date: Fri Mar 18 16:11:13 UTC 2011
Modified Files:
src/share/man/man7: security.7
Log Message:
Note the 'fetch_pkg_vulnerabilities=YES' also here. In lack of a proper
name, put this under "administrative security".
To generate a diff of this commit:
cvs rdiff -u -r1.2 -r1.3 src/share/man/man7/security.7
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/share/man/man7/security.7
diff -u src/share/man/man7/security.7:1.2 src/share/man/man7/security.7:1.3
--- src/share/man/man7/security.7:1.2 Fri Mar 18 15:32:26 2011
+++ src/share/man/man7/security.7 Fri Mar 18 16:11:13 2011
@@ -1,4 +1,4 @@
-.\" $NetBSD: security.7,v 1.2 2011/03/18 15:32:26 jruoho Exp $
+.\" $NetBSD: security.7,v 1.3 2011/03/18 16:11:13 jruoho Exp $
.\"
.\" Copyright (c) 2006, 2011 Elad Efrat <e...@netbsd.org>
.\" All rights reserved.
@@ -418,6 +418,21 @@
.Bd -literal -offset indent
# sysctl -w security.curtain=1
.Ed
+.Ss Administrative security
+Also certain administrative tasks are related to security.
+For instance, the the daily maintenance script includes some basic
+consistency checks; see
+.Xr security.conf 5
+for more details.
+In particular, it is possible to configure
+.Nx
+to automatically audit all third-party packages installed via
+.Xr pkgsrc 7 .
+To audit for any known vulnerabilities on daily basis, set the following in
+.Fa /etc/daily.conf :
+.Bd -literal -offset indent
+fetch_pkg_vulnerabilities=YES
+.Ed
.Sh SEE ALSO
.Xr ssp 3 ,
.Xr options 4 ,
