keeping my freebsd secure... THANX

Haim Ashkenazi haim at babysnakes.org
Sun Jun 13 23:51:42 GMT 2004


On Mon, 2004-06-14 at 01:05, Adrian Urquhart wrote:
> On Mon, 14 Jun 2004, Haim Ashkenazi wrote:
> 
> [snip]
> 
> Hi
> 
> Just to add my own general comment to all the fun you've been having. 
> I've been using FreeBSD since 3.2 and I gave up using the ports to keep 
> stuff up to date - it just never worked right for me, plus, many of the 
> ports install things in "non-standard" places - in fact, if I remember, 
> the Apache port was one of them. 
> 
> Instead, I'll install everything from source. I feel it works better and 
> gives me more control over things, along with a better chance of fixing 
> stuff if it goes wrong. For example, with Apache, installing it from 
> source puts everything into /usr/local/apache (of course, you can change 
> this) by default.
> 
> Maybe I've been using the port management tools incorrectly, but I just 
> don't have confidence in them. And of course, installing from source 
> means your system is always up to date as you don't need to wait for 
> ports to catch up with a new release of something.
> 
> Like everyone else I use CVS to keep the main source tree up to date and
> so far that has worked really well. The machines I admin are 500 miles
> away so usually I'll CVSup to a single machine, build world and kernels
> on it, install its world and kernel, then reboot it to make sure it
> comes up Ok. Then, SSH into the build machine and from there SSH in to
> the others via their private interfaces. This lets me close the external
> interfaces while I install their worlds and kernels over NFS (at LAN
> speeds, this doesn't take long) then reboot and off we go. Hopefully. I
> always have someone standing by just in case a machine doesn't come
> back, and the only time he was needed was when I'd screwed something up.
> 
> The system I admin has machines running Apache, BIND, pure-ftpd, 
> PostgreSQL, a heavily modified qmail system, and a lot of code written by 
> me (C/C++) (it's a small ISP with several thousand cable users).
> 
> Anyway, best of luck in your ventures - FreeBSD is an excellent server 
> platform, and I use it as a desktop machine for software development. 
> Just keep up to date with the advisories and you'll be Ok. Just out of 
> interest, my choice of Linux would be Gentoo (I'm writing this on a 
> SPARC64 running Gentoo).

Personally, I've been using Debian for the last 3 years. I've been using
Linux for about 7 years as my only desktop, and I've used LinuxPPC (for
Macs), RedHat, Suse, Mandrake and finally I started using Debian and I've
been using it until now. I'm using 'stable' for servers and 'unstable'
for my desktop. I haven't tried Gentoo yet...

What you're saying is very disturbing... I only moved to FreeBSD
because Debian stable releases a new version once in a long time (more
than two years now) and my web clients are annoyed with having an "old"
PHP (4.1.2), and since I want security and stability with minimum hassle
for my servers I thought FreeBSD would be a good solution. If I need to
download and compile applications from source (and then have to audit
many resources to find out about security vulnerabilities and bugs),
well, I can do that on Debian. No need to spend time learning how to
secure and maintain a new operating system...

Anyway, thanx for your input...
-- 
Haim
More information about the freebsd-stable mailing list