keeping my freebsd secure... THANX

Haim Ashkenazi haim at
Sun Jun 13 21:44:57 GMT 2004

thanx everyone, you've been very helpful. I just finished upgrading and I
now hopefully have a more or less secure system (at least until tomorrow... :).

A few thoughts though (in the eyes of a FreeBSD newbie, I'm sure some of
these have elegant solution):

the upgrading process was a lot of trouble (even after I knew what to do).
although portupgrade didn't break anything or cause a long downtime there
were (and actually are ) some errors:
1. php4 didn't upgrade because it depends on apache 1.3.29_3 and I just
upgraded apache to 1.3.31... this isn't a major problem except the fact
that I'm not sure if it'll work ok...

2. apache+mod-ssl changed the starting procedure from
'/usr/local/etc/rc.d' to rc.conf (as it said in the UPGRADE file), it
didn't say anywhere during the installation that it's restarting apache,
so I had to do it myself. this was not a problem cause I knew it was
going to be updated, but what if it was upgraded as a dependency? I would
have to run portupgrade interactively which takes a long time when you
have more then one computer. btw, how do you stop/start a daemon that is
run from rc.conf (except from killing it and searching for the arguments
in rc.conf, or sending it SIGHUP)? 

3. the most annoying thing is that after all the upgrades
(apache, mc, and mysql) I get an error every time I boot (or run
rc.firewall manually): 
Starting standard daemons: inetd cron sshdnt: not found
 sendmail-submit sendmail-clientmqueue.
Initial rc.i386 initialization:.
Configuring syscons: blanktime.
Additional ABI support:.
Local package initialization:nt: not found 
Starting apache.
I'm talking about the "nt: not found" error in the first and next to last
lines. I still have to trace where it comes from... (there is the option
that it was there before and I didn't notice it).

the thing that is most difficult for me to get used to is the idea that
no one tested these packages before. I can upgrade a port only to find out
it's very buggy (and I find out by getting angry calls from my clients...).

anyway, I think I'll buy a newer book and hope it'll clear some issues for
me. I would like to get some input though from the experience of those of
you who maintain a few different servers (each perform a different task)
and all of them serve general public (so I can't just "do it at
night"). is it safe? how often did something actually break? etc...

again, thanx a lot for your help.

More information about the freebsd-stable mailing list