From owner-freebsd-questions@FreeBSD.ORG Mon Mar 8 21:57:16 2004 Return-Path: Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id E0A8916A4CE for ; Mon, 8 Mar 2004 21:57:15 -0800 (PST) Received: from web1.hostrack.com (unknown [63.105.72.38]) by mx1.FreeBSD.org (Postfix) with ESMTP id B796A43D2D for ; Mon, 8 Mar 2004 21:57:15 -0800 (PST) (envelope-from stevei@black-star.net) Received: (qmail 27666 invoked from network); 9 Mar 2004 05:58:23 -0000 Received: from adslbt49.cofs.net (HELO altair) (66.77.169.49) by web1.hostrack.com with SMTP; 9 Mar 2004 05:58:23 -0000 Message-ID: <024101c4059b$7835d480$1a01a8c0@blackstar.net> From: "Steve Ireland" To: "FreeBSD Questions Mailing List" References: <000401c40531$0ab88de0$0100000a@liberty><2121A5DA-7125-11D8-B6F7-000A956D2452@chrononomicon.com> <404CF285.8090007@daleco.biz> Date: Tue, 9 Mar 2004 00:57:55 -0500 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 5.50.4927.1200 X-MimeOLE: Produced By Microsoft MimeOLE V5.50.4927.1200 Subject: Re: Update utility X-BeenThere: freebsd-questions@freebsd.org X-Mailman-Version: 2.1.1 Precedence: list List-Id: User questions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 09 Mar 2004 05:57:16 -0000 ----- Original Message ----- From: "Kevin D. Kinsey, DaleCo, S.P." To: "Bart Silverstrim" Cc: "Ioannis Vranos" ; "FreeBSD Questions Mailing List" Sent: Monday, March 08, 2004 17:24 Subject: Re: Update utility > Bart Silverstrim wrote: > > > > > On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote: > > > >> Is there any utility in FreeBSD 4.9 to check for possible updates/bug > >> fixes > >> via internet? > >> > > > > I *think* have have kind of a handle on this on the server I just > > installed... > > > > I usually do a cvsup to update the list of the ports tree, then use a > > procedure I picked out of http://www.freebsddiary.org/portupgrade.php > > to update applications with portupgrade. > > > > If anyone else has a method other than this, I'd love to know the > > procedure :-) > > > > This only updates ports. Updating FreeBSD, I don't know of anything > > other than if you find a security advisory, you have to have the src > > tree and patch that portion and recompile whatever had the > > vulnerability, following the advisory instructions. I'm thinking that > > since most daemons/applications are from ports, keeping your ports > > tree updated should limit most remote exploits...I would be interested > > in knowing of a way to check whether the installation of the OS is up > > to date, though. > > > > Colin Percival has done something kinda new > and different (and interesting.....) he calls > "FreeBSD Update". I've not tried it, but IIRC > the details are at http://www.daemonology.net/freebsd-update/ > > HTH, > > Kevin Kinsey > DaleCo, S.P. > _______________________________________________ > freebsd-questions@freebsd.org mailing list > http://lists.freebsd.org/mailman/listinfo/freebsd-questions > To unsubscribe, send any mail to "freebsd-questions-unsubscribe@freebsd.org" Hello, Below is from a post to security@. It sounds like what you're looking for. I haven't tested it yet, but it my list of things to look into. HTH, Steve >On Thu, Mar 04, 2004 at 03:27:17PM +1100, Michael Vince wrote: >> Hi all >> I thought I would let you people know of a script that I coded that >> facilitates security patch updating on FreeBSD. When I wrote it I >> decided to called it Quickpatch for some reason even though because its >> source based its not necessarily the least bit quick at all :) I had >> kept it for my self for a while but I was recently provoked to release >> it as it could do greater good being out there on the net, because its >> in Perl its quite hackable for custom needs. >> >> http://www.roq.com/projects/quickpatch/ >> >> It has the ability to do a range of different update tasks. These >> features include the ability to easily verify (using PGP) any and all >> advisories, easy setup and use of CVSUP for source and ports tree >> updates. Ability to extract all the useful data out of the official >> FreeBSD security advisories, such as necessary patch commands, security >> advisory topic, exact hours since the patch was made/released, then can >> create ready to run patch files or display/email a full report of that >> information. Also, it can optionally apply the patch files with no >> attendance. Because its highly cronable you can schedule in a 'patch >> mode' kernel recompile and reboot at early morning hours to minimize >> down time inconvenience to others. > >Michael, that's terrific! We've contemplated switching to a >machine-readable format for advisories time and again. Now that >there is a tool that could make use of that, I'm going to investigate >switching again. > >Cheers, >-- >Jacques Vidrine / nectar@celabo.org / jvidrine@verio.net / nectar@freebsd.org >_______________________________________________ >freebsd-security@freebsd.org mailing list > >http://lists.freebsd.org/mailman/listinfo/freebsd-security >To unsubscribe, send any mail to "freebsd-security-unsubscribe@freebsd.org"