Whenever you install a port, you might see this:
===> Vulnerability check disabled, database not found
That’s because ports have the ability to be automatically checked for vulnerabilities as they are built. To enable this functionality, we need to install portaudit.
Portaudit maintains a database of port vulnerabilities. It can be used to audit currently installed ports and also automatically check ports on build. Sounds good, doesn't it? So let's get started!
First, make sure your ports are up to date and then:
# cd /usr/ports/security/portaudit
# make install clean
Once it is installed, we need to make sure that its database is kept up to date. By default, a script is installed into /usr/local/etc/periodic/security/ which is executed by cron daily. However, we want to start using it straight away, so we force it to download the latest data:
# portaudit -F
We can also check when this data was created:
# portaudit -d
Database created: Tue Dec 30 04:12:01 CST 2008
And finally, we can get it to audit all of our currently installed ports:
# portaudit -a
0 problem(s) in your installed packages found.
If you attempt to build a port with a vulnerability, it will stop at the security check and advise you to update your ports tree and try again.
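The daily periodic script keeps the database fresh, but a one-off audit from a build script or a cron job of your own should not trust a stale database. The wrapper below is an added example, not part of the original post or of portaudit itself: it refreshes the database when the file is missing or older than a threshold, runs the audit, and turns the "N problem(s) ... found." summary line into an exit status. It assumes the default database location /var/db/portaudit/auditfile.tbz; MAX_AGE_DAYS is a hypothetical threshold.

```shell
#!/bin/sh
# Added example: refresh a stale portaudit database, then audit and fail
# on any reported problem. Assumes the default database path below.
AUDITFILE=${AUDITFILE:-/var/db/portaudit/auditfile.tbz}
MAX_AGE_DAYS=${MAX_AGE_DAYS:-2}   # hypothetical freshness threshold

# Return 0 (true) when the database file is missing or older than $2 days.
db_is_stale() {
    file=$1
    days=$2
    [ -f "$file" ] || return 0
    # find prints the path only if it was modified more than $days days ago
    [ -n "$(find "$file" -mtime +"$days" 2>/dev/null)" ]
}

# Extract N from the summary line "N problem(s) in your installed packages
# found." in the given portaudit output; echo -1 if no such line exists.
problem_count() {
    count=$(printf '%s\n' "$1" | sed -n \
        's/^\([0-9][0-9]*\) problem(s) in your installed packages found\.$/\1/p')
    if [ -z "$count" ]; then echo -1; else echo "$count"; fi
}

# Exit 0 if clean, 1 if vulnerabilities were found, 2 on tooling errors.
run_audit() {
    if db_is_stale "$AUDITFILE" "$MAX_AGE_DAYS"; then
        echo "database missing or older than $MAX_AGE_DAYS days, fetching" >&2
        portaudit -F || return 2
    fi
    output=$(portaudit -a)
    printf '%s\n' "$output"
    n=$(problem_count "$output")
    case $n in
        0)  return 0 ;;
        -1) echo "could not parse portaudit output" >&2; return 2 ;;
        *)  return 1 ;;
    esac
}

# Only run the real audit when invoked as: sh portaudit-check.sh run
if [ "${1:-}" = run ]; then run_audit; fi
```

Run it as the last step of a build or from cron; a non-zero exit is the signal to stop and update the ports tree, exactly as the build-time check above would.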