From owner-freebsd-questions@FreeBSD.ORG Fri May 2 05:07:53 2003 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 9E58237B401 for ; Fri, 2 May 2003 05:07:53 -0700 (PDT) Received: from gwdu60.gwdg.de (gwdu60.gwdg.de [134.76.98.60]) by mx1.FreeBSD.org (Postfix) with ESMTP id 0F4DE43FDD for ; Fri, 2 May 2003 05:07:52 -0700 (PDT) (envelope-from kheuer2@gwdg.de) Received: from gwdu60.gwdg.de (localhost [127.0.0.1]) by gwdu60.gwdg.de (8.12.8p1/8.12.4) with ESMTP id h42C7oij011827; Fri, 2 May 2003 14:07:51 +0200 (CEST) (envelope-from kheuer2@gwdg.de) Received: from localhost (kheuer2@localhost)h42C7edt011824; Fri, 2 May 2003 14:07:50 +0200 (CEST) X-Authentication-Warning: gwdu60.gwdg.de: kheuer2 owned process doing -bs Date: Fri, 2 May 2003 14:07:40 +0200 (CEST) From: Konrad Heuer To: Christian Traber In-Reply-To: <3EB25ACA.1000409@traber-net.de> Message-ID: <20030502135931.N89463-100000@gwdu60.gwdg.de> MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII cc: freebsd-questions@freebsd.org Subject: Re: [NEWBIE] security updates? X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Fri, 02 May 2003 12:07:53 -0000 On Fri, 2 May 2003, Christian Traber wrote: > I just installed freebsd5 and want to use it as a vpn-gateway. > I found some security updates, but how can I install them? > Do I really have to build everything from source? My BSD box > has only a very small HD (< 1GB) and I don't want the > downtime for a 'make world'. > > How do you make such updates on a production server? Many security updates do not require to rebuild the whole os. Maybe you need to rebuild and reinstall the kernel, which takes much less time and can be done while the server is in normal operation. Sometimes only some specific utility or daemon needs to be updated; here it is sufficient to just restart the daemon. If a full rebuild is required, you can split "make world" and still do the time-consuming "make buildworld" in normal multi-user mode; downtime is than limited to the "make installworld" process which needs much less time. If your harddisk is too small, you can make kernel and world on a different system, export /usr/src and /usr/obj via NFS and mount them on your server to install kernel and world. But you're true, you need the whole source code if you want security. Regards Konrad Heuer (kheuer2@gwdg.de) ____ ___ _______ GWDG / __/______ ___ / _ )/ __/ _ \ Am Fassberg / _// __/ -_) -_) _ |\ \/ // / 37077 Goettingen /_/ /_/ \__/\__/____/___/____/ Germany