From owner-freebsd-stable@FreeBSD.ORG Sun Jun 13 00:03:08 2004 Return-Path: Delivered-To: freebsd-stable@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 69B7B16A4CE for ; Sun, 13 Jun 2004 00:03:08 +0000 (GMT) Received: from main.gmane.org (main.gmane.org [80.91.224.249]) by mx1.FreeBSD.org (Postfix) with ESMTP id 036D343D48 for ; Sun, 13 Jun 2004 00:03:08 +0000 (GMT) (envelope-from freebsd-stable@m.gmane.org) Received: from list by main.gmane.org with local (Exim 3.35 #1 (Debian)) id 1BZISd-000415-00 for ; Sun, 13 Jun 2004 02:02:55 +0200 Received: from ns-ilmail3.ns-systems.com ([62.90.139.134]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 13 Jun 2004 02:02:55 +0200 Received: from haim by ns-ilmail3.ns-systems.com with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for ; Sun, 13 Jun 2004 02:02:55 +0200 X-Injected-Via-Gmane: http://gmane.org/ To: freebsd-stable@freebsd.org From: Haim Ashkenazi Date: Sun, 13 Jun 2004 03:02:52 +0300 Lines: 41 Message-ID: References: <40CB2BC2.4070201@mac.com> Mime-Version: 1.0 Content-Type: text/plain; charset=ISO-8859-1 Content-Transfer-Encoding: 8bit X-Complaints-To: usenet@sea.gmane.org X-Gmane-NNTP-Posting-Host: ns-ilmail3.ns-systems.com User-Agent: Pan/0.14.2.91 (As She Crawled Across the Table (Debian GNU/Linux)) Sender: news Subject: Re: keeping my freebsd secure... X-BeenThere: freebsd-stable@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: Production branch of FreeBSD source code List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sun, 13 Jun 2004 00:03:08 -0000 On Sat, 12 Jun 2004 12:13:54 -0400, Chuck Swiger wrote: > Haim Ashkenazi wrote: >> 1. I need to follow the security advisories to see if there are >> vulnerabilities in the base system (I didn't find any regarding 4.10, am I >> right?) > > It's certainly a good idea, yes. There's a list just for security > announcements, although anyone who follows CERT or bugtrak or other security > lists are likely to see issues appear from various places. > > Decide whether to follow RELENG_4 or RELENG_4_10. this is another thing I'm confused about. if I stay with RELENG_4_10, would I get security updates? does this also affect the ports? [ ... ] >> how do I update my ports without breaking anything and without downtime >> for important services (apache, mysql, etc...)? the one port I >> installed from pre-compiled binary (screen) took 99% cpu, and I had to >> compile it so it'll work ok. so how do I upgrade any of the above >> daemons without having to uninstall -> compile -> reinstall (which >> takes a long time). > > portupgrade does "compile -> uninstall -> reinstall", which interrupts > the affected software only for a few seconds. Note that it might still > be a good idea to shutdown and restart the service yourself directly. I've tried to upgrade with portupgrade the three packages that according to portaudit have problems (mc, png, mysql-client). the response was that there's no need to upgrade (version stays the same). do I stay with these versions and try to upgrade every day (until a fix will be released) or is there some setting I have to change in order to access a newer version? [...] sorry if these are basic questions, I'm sure that I can find all the answers on the web but as I said before, I have to make this server up and running in 2 days and I want at least to keep it safe... thanx -- Haim