Dec 30
avoid-vulnerabilities-with-port-auditing

Whenever you install a port, you might see this:

===> Vulnerability check disabled, database not found

That’s because ports have the ability to be automatically checked for vulnerabilities as they are built.  To enable this functionality, we need to install portaudit.

Portaudit maintains a database of port vulnerabilities.  It can be used to audit currently installed ports and also automatically check ports on build.  Sounds good doesn’ it, so let’s get started!

Read the rest of this entry »

Posted in basic tips, cvsup, freebsd, ports, portsnap, security | No Comments »
Oct 16
rip-cvsup

CVSup - slow, painful, annoying (imho, prove me wrong!).

For the last year or so I’ve exclusively used Portsnap.  From the handbook:

Portsnap is a system for securely distributing the FreeBSD ports tree. Approximately once an hour, a “snapshot” of the ports tree is generated, repackaged, and cryptographically signed. The resulting files are then distributed via HTTP.

Read the rest of this entry »

Posted in cvsup, freebsd, ports, portsnap | 1 Comment »