One more step to Secure your FreeBSD
Securing a server or desktop is not just a matter of applying all system updates. You also need to update and “watch” all installed applications, also known as third-party software.
After talking with some guys about the “*VuXML Project*”:http://www.vuxml.org/freebsd/ (Vulnerabilities and Exposures Markup Language), I have decided to write an ultra-little step-by-step “memory note”.
But what is this *VuXML* for!?
Simple: it is an XML application for documenting security issues in a software package collection such as the FreeBSD Ports Collection or OpenBSD Ports & Packages Collection.
So in practice, if you find a security hole in some application, you can submit an XML entry to this project, and then if some user around the world (with “security/portaudit”:http://people.freebsd.org/~eik/portaudit/ installed and updated) tries to install or upgrade that application, he gets an alert about the security hole present in that application/version.
But it may happen the other way around too, and that’s great!
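How an entry's affected range is matched against an installed package version, as an added example (not from the original post and not portaudit's own code). The sample entry, the port name @exampled@, the all-zero vid and the simplified version ordering are assumptions; FreeBSD's real version comparison handles more version formats.

```python
import operator
import re
import xml.etree.ElementTree as ET

NS = {"v": "http://www.vuxml.org/apps/vuxml-1"}
OPS = {t: getattr(operator, t) for t in ("lt", "le", "gt", "ge", "eq")}

# Constructed sample entry: hypothetical port "exampled", placeholder vid.
SAMPLE_VUXML = """\
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
  <vuln vid="00000000-0000-0000-0000-000000000000">
    <topic>exampled -- constructed sample issue</topic>
    <affects><package>
      <name>exampled</name>
      <range><ge>1.2</ge><lt>1.4.2_1</lt></range>
    </package></affects>
  </vuln>
</vuxml>
"""

def version_key(version):
    """Simplified ordering key (assumption): (epoch, numeric parts, port revision)."""
    version, _, epoch = version.partition(",")      # PORTEPOCH follows ","
    version, _, revision = version.partition("_")   # PORTREVISION follows "_"
    parts = tuple(int(n) for n in re.findall(r"\d+", version))
    return (int(epoch or 0), parts, int(revision or 0))

def audit(vuxml_text, installed):
    """Return (name, version, vid, topic) for each installed package inside an affected range."""
    findings = []
    for vuln in ET.fromstring(vuxml_text).findall("v:vuln", NS):
        topic = vuln.findtext("v:topic", default="", namespaces=NS)
        for pkg in vuln.findall("v:affects/v:package", NS):
            names = {n.text for n in pkg.findall("v:name", NS)}
            for name, version in installed.items():
                if name not in names:
                    continue
                have = version_key(version)
                for rng in pkg.findall("v:range", NS):
                    # Every bound inside one <range> must hold for a match.
                    bounds = [(b.tag.split("}")[1], version_key(b.text)) for b in rng]
                    if bounds and all(OPS[op](have, ref) for op, ref in bounds):
                        findings.append((name, version, vuln.get("vid"), topic))
                        break
    return findings
```

Calling @audit(SAMPLE_VUXML, {"exampled": "1.4.2"})@ reports the package, while the fixed revision @1.4.2_1@ falls outside the range and returns nothing.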
Now the basic instructions:
First update your ports collection:
$cvsup -g -L 2 /usr/share/examples/cvsup/standard-supfile
Install portaudit:
$cd /usr/ports/security/portaudit ; make install clean
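Check installed ports for known vulnerabilities (-F fetches the current database, -d prints its creation date, -a reports on all installed packages):
$rehash # only needed if you are using csh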
$portaudit -Fda
And get rid of all affected packages!
Finally, in some cases, perhaps on your laptop, you may need to install a port that has a known security hole. To do this with portaudit installed, you need to force the installation.
Forcing some app to install with a security hole:
$cd /usr/ports/CATEGORY/SOMEPORT
$make DISABLE_VULNERABILITIES=yes install clean
Well, that’s all, folks!