Best practises in maintaining a small system

[Steve P.]

Greetings, I want to learn how to maintain a small server environment,
focusing on installation and maintanance of kernel and software. My scope
in this exercise is limited to a small ftp server in a production
environment. I believe this means I want to track "security" branch. What
I imagine is having two boxes: test and production. But for this
exercise, the two systems will really be one or two disk drives I can
swap out of one box. I don't want to consider users in this exercise. I
am not looking for a cookbook explanation, but just tips and/or
references to other doc to make this work. I have read the handbook
nearly cover to cover, and have a well read copy of Complete Fbsd. Please
make ref's to any of these or other doc. While I am a newbie, I have used
these tools somewhat effectively: cvsup and supfiles, pkg_add,
portupgrade, portsnap, portaudit, freebsd-update, built ports using make,
config'ed and built kernels. System Installation:1. Using ISO 1 of the
Fbsd 386 Release 6.0 CD, install the developer distribution. a. The
screen says "full sources", does this mean kernel and base sources? b. I
am confused about userland. Is userland everything you install, plus
ports, except the kernel? c. Should I slice my drive and partition it at
this point for the test environment? 2. Configure networking, add users,
etc and finish initial installation, verify system runs and has
connectivity. 3. Should I stop here to update any software that has been
added to this point? a. I know from working with freebsd-update that
there are security fixes for the kernel. What is best practise to get the
kernel secure again? On one of my present boxes, I had used sysintall
to populate /usr/src/sys (I think) with kernel sources. Would I do this
now? I have only used the "traditional" method of cd
/usr/src/sys/i386/compile/TESTKERNEL, then make depend install etc. b.
What is the procedure at this point to get userland right? (Assuming
userland is all but kernel) c. Where does cvsup's src/all come into this?
4. Use portsnap fetch/extract to get /usr/ports to make install clean the
very few ports that would be needed on this ftp server. Post installation
1. Mount the test hard drive and copy production to test. a. Are there
any tips on the best way to copy drives? I want to be able to boot the
test system just like the production system to test updates, etc. 2. Now,
using the test environment, what is the best procedure to keep abreast of
kernel and userland issues? 3. What is the procedure to "recompile" my
system to keep the kernel and userland up to date? I realize that this
process is usually contrained by "don't fix what ain't broken", and the
need to keep the server up nearly 24/7. I hope this is not too much to
bite off in one email. If so, I will still appreciate any tips. Best
Regards,Steve.

-- 
___________________________________________________
Play 100s of games for FREE! http://games.mail.com/