portaudit -> pkg audit

[storvi_net]

Hello,

I started with FreeBSD 9.x by watching several tutorials.
One part of these was about a cronjob with portaudit, to get a mail if there are any vulnerabilities in any ports.

As I migrated to FreeBSD 10, the trial to install portaudit, was aborted with "use pkg audit -F".
Is there any "best practice"-Way to implement a cronjob in the daily check ( periodic?)

Regards
Markus

 

[Toast]

The default periodic script is in /usr/local/etc/periodic/security/410.pkg-audit. It's enabled by default. If not, add daily_status_security_pkgaudit_enable="YES" to /etc/periodic.conf.

 

[storvi_net]

So I am "safe", when I got the daily security mail?

If I install software by using the ports-collection the result is a package which is installed by pkg. If I install software by using the pkg-Command, it is obviously also installed by pkg. So the pkg audit -F is enough?

Regards
Markus

 

[Toast]

As long as pkg knows about it, pkg audit -F should work. So yes.

 

[storvi_net]

Are there any problems / situations where a manual installed port is not recognized by pkg?

Regards
Markus

 

[SirDice]

Are there any problems / situations where a manual installed port is not recognized by pkg?

Ports will register correctly. It's things you compiled and installed from scratch (without using the ports system). Because they're not registered as being installed by the package system a pkg audit can't check them.