From owner-freebsd-questions Sat May 27 23:45:22 2000 Delivered-To: freebsd-questions@freebsd.org Received: from snoopy.brwn.org (intgw1.brwn.org [196.28.127.66]) by hub.freebsd.org (Postfix) with ESMTP id 7A5EF37B6A5 for ; Sat, 27 May 2000 23:45:15 -0700 (PDT) (envelope-from willem@brwn.org) Received: from brwn.org (grumpy.brwn.org [192.168.1.10]) by snoopy.brwn.org (Postfix) with ESMTP id 37DDB3ACA; Sun, 28 May 2000 08:45:06 +0200 (SAST) Message-ID: <3930C071.D934DA30@brwn.org> Date: Sun, 28 May 2000 08:45:05 +0200 From: Willem Brown Organization: Brwn.ORG X-Mailer: Mozilla 4.7 [en] (X11; U; Linux 2.2.13 i586) X-Accept-Language: en MIME-Version: 1.0 To: John Daniels Cc: freebsd-questions@freebsd.org Subject: Re: 4.0-RELEASE to 4.0-STABLE upgrade References: <20000528035005.32721.qmail@hotmail.com> Content-Type: text/plain; charset=us-ascii Content-Transfer-Encoding: 7bit Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG Hi, You should rather disable telnet and use only ssh. Why not disable inetd completely, unless you are going to use a service that runs from inetd. Have a look at the simple firewall setup in the /etc/rc.firewall script this should give you a place to start. Regards Willem Brown John Daniels wrote: > > Hi: > > I just did an upgrade to STABLE. I just wanted to check what I did was OK. > > First, the handbook says to do the following order: > 1. backup > 2. CVsup > 3. check /etc/make.conf and /etc/group > 4. drop to single-user mode > 5. remove /usr/obj > 6. make world (or make buildworld and make installworld) > 7. update /etc, /dev, (and optionally /stand) > 8. compile and install a new kernel > 9. reboot (with fastboot) > > ****** WHAT I DID DIFFERENTLY ******** > 1. I used mergemaster for updating /etc. > > 2. www.freebsddiary.com has description of going from 4.0-RELEASE to STABLE > and provides a script for doing so. The description and script shows that > compiling and installing a new kernel (#8 above) comes *AFTER* make world > (#6 above) - and *BEFORE* updating /etc. Thus, according to them, #8 comes > before #7 in the above list. > > 3. Oops! I removed /usr/obj *AFTER* the make world, not before. I tried to > redo make world but after a few messages (which seemed unimportant) it told > me that the proc tables were full. I then compiled and installed a new > kernel without any noticeable problems. > > 4. NOTE: For me, /etc/make.conf has only one line: "USA_RESIDENT=YES". > Apparantly /etc/defaults/make.conf is what needs to be edited (after being > copied to /etc.) Since I had not figured this out beforehand, I was unable > to uncomment out CFLAGS and NOPROFILE as instructed in the Handbook. > > I have booted into, and am writing to you from, STABLE. Whatever I may have > done wrong, so far I have not seen any (noticeable) problems. > > QUESTION: > Will my system be OK? Will any of the above cause any problems (especially > removing /usr/obj before making and installing the kernel) > > FOLLOWUP: > Now that I have gone through the process of upgrading, I am looking into > security. What is the easiest, most obvious (as in "duh!, why didn't you > ...") steps to take to guard security. My setup is very simple: my home PC > connected to a router with DSL service. I am the only user. > > I would like to use this machine as a web server and mail server, but I > don't have anyone ftp-ing in (but I need to ftp out to retrieve files from > time to time), logging in remotely, telnet-ing in, etc. Do I just modify > inet.conf and/or hosts.allow to deny those services? How difficult is it to > add a firewall like IPfilter? > > I will look into security in the handbook, of course, but all comments are > welcome. > > Thanks in advance for all replies. > > John > > PS > *THANKS* to all the FreeBSD developers who have contributed to this awesome > system. The more I learn about it the more I am impressed. > > ________________________________________________________________________ > Get Your Private, Free E-mail from MSN Hotmail at http://www.hotmail.com > > To Unsubscribe: send mail to majordomo@FreeBSD.org > with "unsubscribe freebsd-questions" in the body of the message -- |--------------LINUX & *BSD, the CHOICE is yours--------------| To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message