Staying up to date with security patches

Ed Flecko edflecko at
Fri Jul 2 19:55:26 UTC 2010

Hi folks,
I've carefully read many different sources about keeping FreeBSD up to
date, and I'm not quite "crystal-clear".

I'm building a server with 8.0, and because it's a server, it will
have very little software installed on it (probably Apache, maybe
BIND, etc.), and my primary concern is that it's stable and secure
from a "patching perspective" (I'll work on "hardening" the OS later).

Since I will be doing a custom kernel at some point, I won't use
freebsd-update, I'm using cvsup instead.

If I understand the docs correctly, I want my "supfile" (in my case,
I'm simply modifying "stable-supfile") file to have an entry like:
*default release=cvs tag=RELENG_8_0

1.) The _0 will keep me up to date with the security patches, which is
what I'm after, right?

2.) How often "should" one synchronize your server (PC, etc.)? You
don't need to do it daily with cron, do you? I've subscribed to the
FreeBSD security update list, so that's probably the only time one
really needs to synchronize, rebuild, etc., isn't it?

3.) What's the smartest way to keep your installed applications
updated (i.e., Apache, BIND, etc.)?

4.) Finally, where's the best URL to scour past FreeBSD posts/answers?

Thank you!


More information about the freebsd-questions mailing list