From owner-freebsd-questions@FreeBSD.ORG Thu May 7 03:48:31 2009 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2001:4f8:fff6::34]) by hub.freebsd.org (Postfix) with ESMTP id 5432B106564A for ; Thu, 7 May 2009 03:48:31 +0000 (UTC) (envelope-from tajudd@gmail.com) Received: from mail-qy0-f105.google.com (mail-qy0-f105.google.com [209.85.221.105]) by mx1.freebsd.org (Postfix) with ESMTP id 09FDA8FC15 for ; Thu, 7 May 2009 03:48:30 +0000 (UTC) (envelope-from tajudd@gmail.com) Received: by qyk3 with SMTP id 3so1142907qyk.3 for ; Wed, 06 May 2009 20:48:30 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:received:in-reply-to:references :from:date:message-id:subject:to:cc:content-type; bh=glbqTQAxfDmLqBdMQL+PEcnwfnjuypXCNYMxpaRv4MI=; b=RgnJuF9bRRKwVwhdS6UVBrIpZI0QB9R2oeS7RMr/tHUJ3uN85B2tHEejfq99wlCDEC PdPli/e8OB2FDV9Ja/tmLLfJilJ11MgTds2y5Z2/aUQnDWQ1yqa0Ei7BrpF4WZ5pYVMc 7m6RniRKRhlz5BbpadzYN3yy4AA0SsxYsE5WY= DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:in-reply-to:references:from:date:message-id:subject:to :cc:content-type; b=k58DfPjlL+Y69Twej08qukeI1tICurnhh3KfheOSgVckfsaetu/I0e6Y6N+pEcpK8x KsXs5Q0mt4xgxCL5jZizKTs2SRCsTUuUfxXf0PwjAw2K40iyGOv4NJOlHs9BajSPmlHG u0u6YaFfELdR3lzqxvhEQkw6AEMponvQZUx2w= MIME-Version: 1.0 Received: by 10.220.86.129 with SMTP id s1mr4198434vcl.109.1241668110180; Wed, 06 May 2009 20:48:30 -0700 (PDT) In-Reply-To: <8250ac3f0905061743l21a9a87fv9ca3aa50cb176873@mail.gmail.com> References: <8250ac3f0905061743l21a9a87fv9ca3aa50cb176873@mail.gmail.com> From: Tim Judd Date: Wed, 6 May 2009 21:48:10 -0600 Message-ID: To: =?ISO-8859-1?Q?Kalle_M=F8ller?= Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: quoted-printable X-Content-Filtered-By: Mailman/MimeDel 2.1.5 Cc: freebsd-questions@freebsd.org Subject: Re: Maintaining a FreeBSD system - Workcycle X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.5 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 May 2009 03:48:31 -0000 On Wed, May 6, 2009 at 6:43 PM, Kalle M=F8ller wro= te: > Hi > > I'm looking for a generel guide / howto for maintaining a FreeBSD > system - not all the ports, just the base system. One that describe > how often you should update your port-tree, which basic ports like > audit you should have. Its a server I have that runs different > services, so I'm also looking for cronjobs that I could make the > system mail to me incase of something. > > In very few words maintain automatic . > > Hope you have some guides out there > > -- > > Med Venlig Hilsen > > Kalle R. M=F8ller > It will vary per person. It will vary by said person's workload. But I tend to use a couple of basic principles. 1) NEVER let your system lapse to End of Life. a) it's easier now that freebsd-update exists and is part of base. b) reading the impact section in the security announcements that are mailed to you, and if they affect you, perform the update immediately... no= t "ASAP" 2) Install portaudit and watch the periodic mailings that are sent to you. They list vulnerabilities in ports that really should be addressed. Knowin= g that for each notification portaudit sends to you, it WILL affect some service. Schedule the update ASAP, but I never let it go past a week. The outline above is my own view, I don't expect anyone to share them, I don't mind if they inherit them. So you want to know when to update the ports tree? when a vulnerability exists and an updated/patched version of the port is then in the ports tree. portaudit gets fresh databsae updates, and rescans your ports at eac= h run of the periodic script. Portaudit itself doesn't care about what version the ports tree has, it cares about the version you have installed o= n your box. I dislike automation -- when something is automated and it fails, how disastrous can it be? What is missing, due to a failed automation? Last night my backup script at work didn't backup anything. An unused tape was reported as available, yet the backup didn't run. I had no backups to work off of. This script worked fine for the past 3 months, why fail now? Because of this, even if it IS more work, I tend to do things by hand. Les= s risk, IMHO. Good luck, and ask questions if you need to.