# portaudit -> pkg audit



## storvi_net (Feb 20, 2014)

Hello,

I started with FreeBSD 9.x by watching several tutorials.
One part of these was about a cronjob with `portaudit`, to get a mail if there are any vulnerabilities in any ports.

As I migrated to FreeBSD 10, the trial to install `portaudit`, was aborted with "use pkg audit -F".
Is there any "best practice"-Way to implement a cronjob in the daily check (`periodic`?)

Regards
Markus


----------



## Toast (Feb 20, 2014)

The default periodic script is in /usr/local/etc/periodic/security/410.pkg-audit. It's enabled by default. If not, add daily_status_security_pkgaudit_enable="YES" to /etc/periodic.conf.


----------



## storvi_net (Feb 20, 2014)

So I am "safe", when I got the daily security mail?

If I install software by using the ports-collection the result is a package which is installed by `pkg`. If I install software by using the `pkg`-Command, it is obviously also installed by `pkg`. So the `pkg audit -F` is enough?

Regards
Markus


----------



## Toast (Feb 21, 2014)

As long as pkg knows about it, `pkg audit -F` should work. So yes.


----------



## storvi_net (Feb 22, 2014)

Are there any problems / situations where a manual installed port is not recognized by pkg?

Regards
Markus


----------



## SirDice (Feb 22, 2014)

storvi_net said:
			
		

> Are there any problems / situations where a manual installed port is not recognized by pkg?


Ports will register correctly. It's things you compiled and installed from scratch (without using the ports system). Because they're not registered as being installed by the package system a `pkg audit` can't check them.


----------

