Date: Sat, 12 Jun 2004 12:02:00 +0300
From: Haim Ashkenazi <haim@babysnakes.org>
To: freebsd-stable@freebsd.org
Subject: keeping my freebsd secure...
Message-ID: <pan.2004.06.12.09.01.59.52173@babysnakes.org>

Hi,

I just installed FreeBSD 4.10 (my first one) and I fail to see the "big picture" about keeping my system up-to-date with security fixes. I read some relevant sections in the handbook, mailing list entries etc... and here's what I understand:

1. I need to follow the security advisories to see if there are vulnerabilities in the base system (I didn't find any regarding 4.10, am I right?)
2. I installed portaudit to tell me if there are vulnerabilities in the ports.
3. There are some tools (don't remember their names) that automatically download and install upgrades.

These are all bits and pieces I got here and there, but I'm looking for a document that describes all the aspects of keeping my system up-to-date with security. Here are some of the things I don't fully understand:

How do I update my ports without breaking anything and without downtime for important services (apache, mysql, etc...)? The one port I installed from a pre-compiled binary (screen) took 99% CPU, and I had to compile it so it'll work ok. So how do I upgrade any of the above daemons without having to uninstall -> compile -> reinstall (which takes a long time)?

Also, if the PNG library has vulnerabilities (as it is now on my system) and I update the ports and compile it, do I have to update all the ports or only this one (will php break if I don't upgrade it)?

Basically I'm looking for some kind of mechanism that acts more or less like my Debian system (please don't start a flame war here, it's just the system I'm using now...) and that includes notifications of security updates, very minimal downtime (a second or two) and, most important, I'm always sure that my configurations are valid (in Debian it's achieved by never upgrading the version of the package, only patching for security fixes).

I'll appreciate any input on this, because I have to set up the system as a production server in 2 days...

thanx
--
Haim