Date: Sat, 11 Mar 2006 09:50:56 +0100 From: "lars@gmx.at" <lars@gmx.at> Cc: FreeBSD Questions Mailing List <freebsd-questions@freebsd.org> Subject: Re: Local portaudit server. Message-ID: <44128F70.60607@gmx.at> In-Reply-To: <226ae0c60603101111r75775ea9n3c791d933c5954da@mail.gmail.com> References: <226ae0c60603101111r75775ea9n3c791d933c5954da@mail.gmail.com>
next in thread | previous in thread | raw e-mail | index | archive | help
David Robillard wrote: > Hello, > > We use the port security/portaudit on all of our FreeBSD servers. > Currently, every machine has to out on the internet to download the > portaudit vulnerability database from the FreeBSD server. > > Since all of the machines are downloading the exact same file, we > would like to setup a local portaudit server. This server would fetch > the vulnerabilty file and all the rest of our servers would fetch it > from the local portaudit server. > > Has anyone done this setup? Any help/pointers would be great. Hi I haven't done it but I don't think it should be a problem: If you look at the portaudit script /usr/local/sbin/portaudit you'll find that the auditfile is located here: http://www.freebsd.org/ports/auditfile.tbz You can get it manually, try. So by changing some variables in portaudit_confs() { : ${portaudit_dir="/var/db/portaudit"} : ${portaudit_filename="auditfile.tbz"} : ${portaudit_fetch_env=""} : ${portaudit_fetch_cmd="fetch -1mp"} : ${portaudit_sites="http://www.FreeBSD.org/ports/"} : ${portaudit_fixed=""} if [ -r /usr/local/etc/portaudit.conf ]; then . /usr/local/etc/portaudit.conf fi } on each machine you should be able to guide them to your local machine. hth lars.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?44128F70.60607>