Date: Fri, 16 Mar 2001 12:59:34 -0500 From: Garance A Drosihn <drosih@rpi.edu> To: Peter McGarvey <peterm@vianetworks.co.uk>, freebsd-security <freebsd-security@FreeBSD.ORG> Subject: Re: What's vunerable? Message-ID: <p05010402b6d8036d7f8a@[128.113.24.47]> In-Reply-To: <3AB1DBF9.C721E3D6@vianetworks.co.uk> References: <3AB1DBF9.C721E3D6@vianetworks.co.uk>
next in thread | previous in thread | raw e-mail | index | archive | help
At 9:25 AM +0000 3/16/01, Peter McGarvey wrote: >I've just inherited several FreeBSD boxes. The versions range >from 3.2_RELEASE to 4.1_RELEASE. > >On the BSD boxes I already maintain I cvsup and make world on >a monthly basis - or as soon as I see a CERT advisory that I >know relates to something that can bite. But the inherited >boxes need a lot of work, and I cannot guarantee to "The Powers >That Be" that a make world wont break the box. I would buy one new box. Use that to build a new version of one of your existing boxes, and replace that system. If nothing breaks, you're in good shape. If something breaks, you still have the original box to fall back on. Fix whatever breaks until all the pieces are up and working. Then use that box to build the replacement for the next system. Repeat process. I would feel much safer with machines built from scratch, where you know what's on them and how they got that way. Also, if you have a wide variety of systems like that, it is almost certain that at least one of them will "have issues" if you try to just upgrade them in place with the latest buildworld. Not necessarily due to the buildworld process itself, but because you don't know the current state of those machines, and you don't know what customizations have been done and why they were done. -- Garance Alistair Drosehn = gad@eclipse.acs.rpi.edu Senior Systems Programmer or gad@freebsd.org Rensselaer Polytechnic Institute or drosih@rpi.edu To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?p05010402b6d8036d7f8a>