(1) Install cvsup
If you never upgraded freebsd ports collection then first step is required; otherwise skip this step and goto step # 2
#pkg_add -r cvsup-without-gui
CVSup is a software package for distributing and updating collections of files (ports) across a network.
(2) Update ports collection/tree
#cvsup -L 2 -h cvsup9.FreeBSD.org /usr/share/examples/cvsup/ports-supfile
Above step will take some to fetch files and
it will update your ports collection.
Note if you got an error as follows:
"Rejected by server: Access limit exceeded; try again later
Will retry at 01:36:41"
Running the cvsup command later agian will download and apply all the recent changes to your Ports Collection, except actually rebuilding the ports for your own system. Next time you will see howto use the portupgrade utility to upgrade installed ports.
Update: You can use portsnap command. It is an alternative system for distributing the Ports Collection. It was first included in FreeBSD 6.0. Install portsnap as follows:
#pkg_add -r portsnap
Please Note Before Installing Ports enable Security Port Auditing to avoid any
A port called portaudit provides a system to check if installed ports are listed in a database of published security vulnerabilities. After installation it will update this security database automatically and include its reports in the output of the daily security run. If you get message like as follows
Vulnerability check disabled, database not found
Then you need enable this small port:
1)Install port auditing (login as root)
# cd /usr/ports/security/portaudit
2) Install portaudit:
# make install
3) Fetch the database so that port auditing get activated immediately. By default it install a shell script 'portaudit' in /usr/local/etc/periodic/security/:
4) portaudit script automatically get called via FreeBSD's periodic (cron job) facility. So your database get updated automatically eyerday.
5) Portaudit in action. Let us assum you would like to install port called sudo. If it has known vulnerabilities it will not install sudo:
# cd /usr/ports/security/sudo
# make install
===> sudo-220.127.116.11 has known vulnerabilities:#/usr/local/sbin/portaudit -Fda
=> sudo -- local race condition vulnerability.
=> Please update your ports tree and try again.
*** Error code 1
Stop in /usr/ports/security/sudo.
This will list if any installed packages are affected.