keeping my freebsd secure...

Haim Ashkenazi haim at babysnakes.org
Sun Jun 13 00:03:08 GMT 2004


On Sat, 12 Jun 2004 12:13:54 -0400, Chuck Swiger wrote:

> Haim Ashkenazi wrote:
>> 1. I need to follow the security advisories to see if there are
>> vulnerabilities in the base system (I didn't find any regarding 4.10, am I
>> right?)
> 
> It's certainly a good idea, yes.  There's a list just for security 
> announcements, although anyone who follows CERT or bugtrak or other security 
> lists are likely to see issues appear from various places.
> 
> Decide whether to follow RELENG_4 or RELENG_4_10.
this is another thing I'm confused about. if I stay with RELENG_4_10,
would I get security updates? does this also affect the ports?

 [ ... ]
>> how do I update my ports without breaking anything and without downtime
>> for important services (apache, mysql, etc...)? the one port I
>> installed from pre-compiled binary (screen) took 99% cpu, and I had to
>> compile it so it'll work ok. so how do I upgrade any of the above
>> daemons without having to uninstall -> compile -> reinstall (which
>> takes a long time).
> 
> portupgrade does "compile -> uninstall -> reinstall", which interrupts
> the affected software only for a few seconds.  Note that it might still
> be a good idea to shutdown and restart the service yourself directly.
I've tried to upgrade with portupgrade the three packages that according
to portaudit have problems (mc, png, mysql-client). the response was that
there's no need to upgrade (version stays the same). do I stay with these
versions and try to upgrade every day (until a fix will be released) or is
there some setting I have to change in order to access a newer version? 
[...]

sorry if these are basic questions, I'm sure that I can find all the
answers on the web but as I said before, I have to make this server
up and running in 2 days and I want at least to keep it safe...

thanx
-- 
Haim




More information about the freebsd-stable mailing list