[src/trunk]: src/share/man/man5 Document the new package-related maintenance ...

[jmmv <jmmv%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/c1105d6062a3
branches:  trunk
changeset: 750947:c1105d6062a3
user:      jmmv <jmmv%NetBSD.org@localhost>
date:      Tue Jan 19 22:08:52 2010 +0000

description:
Document the new package-related maintenance options and security checks
in daily.conf and security.conf.

diffstat:

 share/man/man5/daily.conf.5    |  15 ++++++++++++---
 share/man/man5/security.conf.5 |  17 ++++++++++++++---
 2 files changed, 26 insertions(+), 6 deletions(-)

diffs (95 lines):

diff -r 9037fff53b4b -r c1105d6062a3 share/man/man5/daily.conf.5
--- a/share/man/man5/daily.conf.5       Tue Jan 19 22:08:16 2010 +0000
+++ b/share/man/man5/daily.conf.5       Tue Jan 19 22:08:52 2010 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: daily.conf.5,v 1.24 2009/10/28 02:31:44 snj Exp $
+.\"    $NetBSD: daily.conf.5,v 1.25 2010/01/19 22:08:52 jmmv Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@@ -24,7 +24,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd August 30, 2008
+.Dd January 19, 2010
 .Dt DAILY.CONF 5
 .Os
 .Sh NAME
@@ -58,7 +58,7 @@
 (Note that you should never edit
 .Pa /etc/defaults/daily.conf
 directly, as it is often replaced during system upgrades.)
-.Bl -tag -width purge_accounting
+.Bl -tag -width fetch_pkg_vulnerabilities
 .It Sy find_core
 This runs
 .Xr find 1
@@ -136,6 +136,11 @@
 .Xr skeyaudit 1
 program to check the S/Key database and informs users of S/Keys that
 are about to expire.
+.It Sy fetch_pkg_vulnerabilities
+Refreshes the local database of package vulnerabilities.
+See the settings in
+.Xr security.conf 5
+for details on the actual package checks.
 .El
 .Pp
 The variables described below can be set to modify the tests:
@@ -163,6 +168,10 @@
 If set, the report generated by the
 .Sy run_security
 phase will always be sent, even if it is empty.
+.It Sy pkgdb_dir
+Location of the packages database.
+Defaults to
+.Pa /var/db/pkg .
 .El
 .Sh FILES
 .Bl -tag -width /etc/defaults/daily.conf -compact
diff -r 9037fff53b4b -r c1105d6062a3 share/man/man5/security.conf.5
--- a/share/man/man5/security.conf.5    Tue Jan 19 22:08:16 2010 +0000
+++ b/share/man/man5/security.conf.5    Tue Jan 19 22:08:52 2010 +0000
@@ -1,4 +1,4 @@
-.\"    $NetBSD: security.conf.5,v 1.33 2008/05/29 14:51:25 mrg Exp $
+.\"    $NetBSD: security.conf.5,v 1.34 2010/01/19 22:08:52 jmmv Exp $
 .\"
 .\" Copyright (c) 1996 Matthew R. Green
 .\" All rights reserved.
@@ -24,7 +24,7 @@
 .\" OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 .\" SUCH DAMAGE.
 .\"
-.Dd May 29, 2006
+.Dd January 19, 2010
 .Dt SECURITY.CONF 5
 .Os
 .Sh NAME
@@ -46,7 +46,7 @@
 .Pa /etc/daily.conf .
 .Pp
 The variables described below can be set to "NO" to disable the test:
-.Bl -tag -width check_network
+.Bl -tag -width check_pkg_vulnerabilities
 .It Sy check_passwd
 This checks the
 .Pa /etc/master.passwd
@@ -151,6 +151,17 @@
 This includes files such as
 .Pa /etc/master.passwd .
 .El
+.It Sy check_pkg_vulnerabilities
+Checks the currently installed packages against a database of known
+vulnerabilities and reports those that are vulnerable.
+Check the
+.Sy fetch_pkg_vulnerabilities
+setting in
+.Xr daily.conf 5
+to keep the database up to date.
+.It Sy check_pkg_signatures
+Checks the digital signature of all files installed by packages against
+the expected values stored in the packages database.
 .El
 .Pp
 The variables described below can be set to modify the tests: