Update utility

Steve Ireland stevei at black-star.net
Mon Mar 8 21:57:16 PST 2004


----- Original Message -----
From: "Kevin D. Kinsey, DaleCo, S.P." <kdk at daleco.biz>
To: "Bart Silverstrim" <bsilver at chrononomicon.com>
Cc: "Ioannis Vranos" <ivr at emails.ru>; "FreeBSD Questions Mailing List"
<freebsd-questions at freebsd.org>
Sent: Monday, March 08, 2004 17:24
Subject: Re: Update utility


> Bart Silverstrim wrote:
>
> >
> > On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote:
> >
> >> Is there any utility in FreeBSD 4.9 to check for possible
updates/bug
> >> fixes
> >> via internet?
> >>
> >
> > I *think* have have kind of a handle on this on the server I just
> > installed...
> >
> > I usually do a cvsup to update the list of the ports tree, then use
a
> > procedure I picked out of
http://www.freebsddiary.org/portupgrade.php
> > to update applications with portupgrade.
> >
> > If anyone else has a method other than this, I'd love to know the
> > procedure :-)
> >
> > This only updates ports.  Updating FreeBSD, I don't know of anything
> > other than if you find a security advisory, you have to have the src
> > tree and patch that portion and recompile whatever had the
> > vulnerability, following the advisory instructions.  I'm thinking
that
> > since most daemons/applications are from ports, keeping your ports
> > tree updated should limit most remote exploits...I would be
interested
> > in knowing of a way to check whether the installation of the OS is
up
> > to date, though.
> >
>
> Colin Percival has done something kinda new
> and different (and interesting.....) he calls
> "FreeBSD Update".  I've not tried it, but IIRC
> the details are at http://www.daemonology.net/freebsd-update/
>
> HTH,
>
> Kevin Kinsey
> DaleCo, S.P.
> _______________________________________________
> freebsd-questions at freebsd.org mailing list
> http://lists.freebsd.org/mailman/listinfo/freebsd-questions
> To unsubscribe, send any mail to
"freebsd-questions-unsubscribe at freebsd.org"

Hello,

Below is from a post to security at . It sounds like what you're looking
for. I haven't tested it yet, but it my list of things to look into.

HTH,

Steve

>On Thu, Mar 04, 2004 at 03:27:17PM +1100, Michael Vince wrote:
>> Hi all
>> I thought I would let you people know of a script that I coded that
>> facilitates security patch updating on FreeBSD. When I wrote it I
>> decided to called it Quickpatch for some reason even though because
its
>> source based its not necessarily the least bit quick at all :) I had
>> kept it for my self for a while but I was recently provoked to
release
>> it as it could do greater good being out there on the net, because
its
>> in Perl its quite hackable for custom needs.
>>
>> http://www.roq.com/projects/quickpatch/
>>
>> It has the ability to do a range of different update tasks. These
>> features include the ability to easily verify (using PGP) any and all
>> advisories, easy setup and use of CVSUP for source and ports tree
>> updates. Ability to extract all the useful data out of the official
>> FreeBSD security advisories, such as necessary patch commands,
security
>> advisory topic, exact hours since the patch was made/released, then
can
>> create ready to run patch files or display/email a full report of
that
>> information. Also, it can optionally apply the patch files with no
>> attendance. Because its highly cronable you can schedule in a 'patch
>> mode' kernel recompile and reboot at early morning hours to minimize
>> down time inconvenience to others.
>
>Michael, that's terrific!  We've contemplated switching to a
>machine-readable format for advisories time and again.  Now that
>there is a tool that could make use of that, I'm going to investigate
>switching again.
>
>Cheers,
>--
>Jacques Vidrine / nectar at celabo.org / jvidrine at verio.net /
nectar at freebsd.org
>_______________________________________________
>freebsd-security at freebsd.org mailing list
>
>http://lists.freebsd.org/mailman/listinfo/freebsd-security
>To unsubscribe, send any mail to
"freebsd-security-unsubscribe at freebsd.org"



More information about the freebsd-questions mailing list