NAME
pkg audit —
audit installed packages against known
vulnerabilities
SYNOPSIS
pkg audit |
[-Fqr] [-f
filename] pkg-name |
pkg audit |
[--{fetch,quiet,recursive}]
[--file filename]
pkg-name |
DESCRIPTION
pkg audit checks installed packages for known
vulnerabilities and generates reports including references to security
advisories. Its intended audience is system administrators and individual
users.
pkg audit uses a database maintained by
port committers and the FreeBSD security team to check if security
advisories for any installed packages exist. Note that a current ports tree
(or any local copy of the ports tree) is not required for operation.
The URL that is used to fetch the database can be overridden via the VULNXML_SITE config variable. See pkg.conf(5) for more information.
If you have a vulnerable package installed, you are advised to update or deinstall it immediately.
Supplying a pkg-name will audit only that package.
OPTIONS
The following options are supported by pkg
audit:
-ffilename,--filefilename- Use filename as the local copy of the
vulnerability database. If used in combination with
-Fdownload the vulnerability database to the named filename before auditing installed ports against it. -F,--fetch- Fetch the database before checking.
-q,--quiet- Be ``quiet''. Prints only the requested information without displaying many hints.
-r,--recursive- Prints packages that depend on vulnerable packages and are thus potentially vulnerable as well.
ENVIRONMENT
The following environment variables affect the execution of
pkg audit. See
pkg.conf(5) for further description.
PKG_DBDIRVULNXML_SITE
FILES
See pkg.conf(5).
SEE ALSO
pkg_printf(3), pkg_repos(3), pkg-repository(5), pkg.conf(5), pkg(8), pkg-add(8), pkg-annotate(8), pkg-autoremove(8), pkg-backup(8), pkg-check(8), pkg-clean(8), pkg-config(8), pkg-convert(8), pkg-create(8), pkg-delete(8), pkg-fetch(8), pkg-info(8), pkg-install(8), pkg-lock(8), pkg-query(8), pkg-register(8), pkg-repo(8), pkg-rquery(8), pkg-search(8), pkg-set(8), pkg-shell(8), pkg-shlib(8), pkg-ssh(8), pkg-stats(8), pkg-update(8), pkg-updating(8), pkg-upgrade(8), pkg-version(8), pkg-which(8)