Maintaining a FreeBSD system - Workcycle

Tim Judd tajudd at gmail.com
Thu May 7 03:48:31 UTC 2009


On Wed, May 6, 2009 at 6:43 PM, Kalle Møller <kalle.moller at gmail.com> wrote:

> Hi
>
> I'm looking for a general guide / howto for maintaining a FreeBSD
> system - not all the ports, just the base system. One that describes
> how often you should update your port-tree, which basic ports like
> audit you should have. It's a server I have that runs different
> services, so I'm also looking for cronjobs that I could make the
> system mail to me in case of something.
>
> In very few words maintain automatic.
>
> Hope you have some guides out there
>
> --
>
> Med Venlig Hilsen
>
> Kalle R. Møller
>


It will vary per person.  It will vary by said person's workload.  But I
tend to use a couple of basic principles.

1) NEVER let your system lapse to End of Life.
    a) it's easier now that freebsd-update exists and is part of base.
    b) reading the impact section in the security announcements that are
mailed to you, and if they affect you, perform the update immediately... not
"ASAP"
2) Install portaudit and watch the periodic mailings that are sent to you.
They list vulnerabilities in ports that really should be addressed.  Knowing
that for each notification portaudit sends to you, it WILL affect some
service.  Schedule the update ASAP, but I never let it go past a week.


The outline above is my own view, I don't expect anyone to share them, I
don't mind if they inherit them.

So you want to know when to update the ports tree?  When a vulnerability
exists and an updated/patched version of the port is then in the ports
tree.  portaudit gets fresh database updates, and rescans your ports at each
run of the periodic script.  Portaudit itself doesn't care about what
version the ports tree has, it cares about the version you have installed on
your box.



I dislike automation -- when something is automated and it fails, how
disastrous can it be?  What is missing, due to a failed automation?  Last
night my backup script at work didn't backup anything.  An unused tape was
reported as available, yet the backup didn't run.  I had no backups to work
off of.  This script worked fine for the past 3 months, why fail now?

Because of this, even if it IS more work, I tend to do things by hand.  Less
risk, IMHO.

Good luck, and ask questions if you need to.
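
An added example, not part of the original message: a small shell helper that records when portaudit first reported each vulnerable package and lists those still open past the one-week limit mentioned above. It assumes portaudit prints an "Affected package: <name-version>" line per finding; the function names, state-file layout and sample package are made up for illustration.

```shell
#!/bin/sh
# Added example: flag ports that portaudit has reported for more than a week.
# Assumes one "Affected package: <name-version>" line per finding.

MAX_AGE_DAYS=7   # the one-week limit from the message

# Print the affected package names found in portaudit-style text on stdin.
affected_packages() {
    sed -n 's/^Affected package: //p' | sort -u
}

# overdue_packages STATE_FILE NOW_EPOCH   (portaudit output on stdin)
# STATE_FILE keeps "package first_seen_epoch" lines between runs. Packages no
# longer reported drop out of it; new ones are stamped with NOW_EPOCH.
# Prints the packages that have been open for more than MAX_AGE_DAYS.
overdue_packages() {
    op_state=$1
    op_now=$2
    [ -f "$op_state" ] || : > "$op_state"
    op_tmp=$(mktemp "$op_state.XXXXXX") || return 1
    affected_packages | awk -v state="$op_state" -v now="$op_now" \
        -v max="$MAX_AGE_DAYS" -v out="$op_tmp" '
        BEGIN {   # load the first-seen times recorded by earlier runs
            while ((getline line < state) > 0) {
                split(line, f, " ")
                seen[f[1]] = f[2]
            }
            close(state)
        }
        {
            first = ($1 in seen) ? seen[$1] : now
            print $1, first > out
            if (now - first > max * 86400) print $1
        }'
    mv "$op_tmp" "$op_state"
}

# Constructed sample in the assumed format (the package name is made up).
sample_report() {
    printf 'Affected package: foo-1.2_3\nType of problem: foo -- constructed entry.\n'
    printf 'Reference: <constructed>\n\n1 problem(s) in your installed packages found.\n'
}

# Demo with a throwaway state file: first seen 8 days ago, so foo is overdue now.
demo_state=$(mktemp "${TMPDIR:-/tmp}/portaudit-age.XXXXXX")
sample_report | overdue_packages "$demo_state" "$(( $(date +%s) - 8 * 86400 ))" >/dev/null
sample_report | overdue_packages "$demo_state" "$(date +%s)"
rm -f "$demo_state"
```

On a real host the input would come from `portaudit -a` and the timestamp from `date +%s`, run by hand or from whatever schedule you already trust.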

