diff --git a/etc/Makefile b/etc/Makefile index 8a4af088b10e..894d9c876d5c 100644 --- a/etc/Makefile +++ b/etc/Makefile @@ -1,4 +1,4 @@ -# $NetBSD: Makefile,v 1.344 2007/07/01 11:04:31 xtraeme Exp $ +# $NetBSD: Makefile,v 1.345 2007/07/14 19:53:52 adrianp Exp $ # from: @(#)Makefile 8.7 (Berkeley) 5/25/95 # Environment variables without default values: @@ -88,12 +88,12 @@ INSTALLATION_DIRS= binary binary/sets binary/kernel installation BINOWN= root BINGRP= wheel UTMPGRP= utmp -BIN1+= bootptab changelist csh.cshrc csh.login csh.logout daily \ - daily.conf dm.conf envsys.conf floppytab ftpchroot ftpusers \ - gettytab group hosts hosts.lpd inetd.conf lkm.conf locate.conf \ - login.conf mailer.conf man.conf monthly monthly.conf mrouted.conf \ - named.conf netconfig networks newsyslog.conf nsswitch.conf ntp.conf \ - passwd.conf phones printcap profile protocols \ +BIN1+= audit-packages.conf bootptab changelist csh.cshrc csh.login \ + csh.logout daily daily.conf dm.conf envsys.conf floppytab ftpchroot \ + ftpusers gettytab group hosts hosts.lpd inetd.conf lkm.conf \ + locate.conf login.conf mailer.conf man.conf monthly monthly.conf \ + mrouted.conf named.conf netconfig networks newsyslog.conf \ + nsswitch.conf ntp.conf passwd.conf phones printcap profile protocols \ rbootd.conf rc rc.conf rc.lkm rc.local rc.subr rc.shutdown remote rpc \ security security.conf services shells shrc sysctl.conf syslog.conf \ weekly weekly.conf wscons.conf diff --git a/etc/audit-packages.conf b/etc/audit-packages.conf new file mode 100644 index 000000000000..94f7f76027b5 --- /dev/null +++ b/etc/audit-packages.conf @@ -0,0 +1,78 @@ +# $NetBSD: audit-packages.conf,v 1.1 2007/07/14 19:53:52 adrianp Exp $ + +# +# sample configuration file for audit-packages(8) and +# download-vulnerability-list(8) +# + +# GPG +# +# Specifies the full path to the gpg tool that will be used for verifying +# the signature on the downloaded pkg-vulnerabilities file. +# +# Used by: audit-packages download-vulnerability-list +# Supported: /path/to/gpg +# Default: GPG="/usr/pkg/bin/gpg" + +# PKGVULNDIR +# +# Specifies the directory the pkg-vulnerabilities file is located in. +# +# Used by: audit-packages download-vulnerability-list +# Supported: /path/to/pkg-vulnerabilities/ +# Default: PKGVULNDIR="/var/db/pkg" + +# COMPRESS_TYPE +# +# Specifies which type of compressed pkg-vulnerabilities file to +# download. You can also specify COMPRESS_TYPE="" to use +# and uncompressed version of the file. +# +# If you change this from the default you must specify a COMPRESS_TOOL. +# +# Used by: download-vulnerability-list +# Supported: gzip bzip2 (none) +# Default: COMPRESS_TYPE="gzip" + +# COMPRESS_TOOL +# +# Specifies which tool will be used when dealing with the compressed +# pkg-vulnerabilities file. +# +# Used by: download-vulnerability-list +# Supported: Any local binary that can decompress the +# pkg-vulnerabilities file to stdout +# Default: COMPRESS_TOOL="/usr/bin/gzcat" + +# FETCH_CMD +# +# Specifies the tool that will be used to fetch the pkg-vulnerabilities +# file. +# +# Used by: download-vulnerability-list +# Supported: /path/to/curl /path/to/ftp /path/to/wget /path/to/fetch +# Default: FETCH_CMD="/usr/bin/ftp" + +# FETCH_ARGS +# +# Specifies optional arguments for the download-vulnerability-list client. +# +# Used by: download-vulnerability-list +# Supported: Any valid arguments for FETCH_CMD +# Default: FETCH_ARGS= + +# FETCH_PROTO +# +# Specifies the protocol to use when fetching the pkg-vulnerabilities file. +# +# Used by: download-vulnerability-list +# Supported: ftp http +# Default: FETCH_PROTO="ftp" + +# IGNORE_URLS +# +# A list of vulnerability URLs to be ignored. +# +# Used by: audit-packages +# Supported: Valid URL(s) from pkg-vulnerabilities +# Default: IGNORE_URLS=