Date: Sat, 4 Jul 1998 10:13:40 -0700 (PDT) From: Roger Marquis <marquis@roble.com> To: "'freebsd-isp@freebsd.org'" <freebsd-isp@FreeBSD.ORG> Subject: Re: Upgrading systems Message-ID: <Pine.SUN.3.96.980704095331.24552A-100000@roble.com> In-Reply-To: <c=US%a=_%p=Orbis%l=ORBISEXCHANGE-980701134602Z-504@orbisexchange.orbisnews.com>
next in thread | previous in thread | raw e-mail | index | archive | help
The "best" way to do this IMHO is to setup the new host identically except for a different IP address. Then use rdist or rsync to copy over the application data. When everything is synchronized and tested simply swap in a new rc.conf (and optionally rc.local and sysconfig) and reboot, both hosts at the same time. If security is a major concern you might want to install the OS from CD or at least from a firewalled subnet. There is a period during a new install when an unconfigured host can be vulnerable to attack. Then again you never know where a port might be download from during the net install. We installed a corrupt wu-ftp port a few months back and found suspicious log entries (incorrect syslog timestamps and an attempt to get /etc/pwd.db) until we downloaded the master sources from wu directly. It's a good idea to check for suspicious MASTER_SITES in any port's Makefile. Roger Marquis Roble Systems Consulting http://www.roble.com/consulting On Wed, 1 Jul 1998, Sconiers, John wrote: > We just bought 3 new Unix boxes (Pentium 300's with 3 9gig SCSI hard > drives). The units will be replacing 3 old Pentium 100 boxes that run > Freebsd 2.1.7.1 and Red Hat Linux. The boxes will be doing light > news, mail, firewall, shell, DNS, www, and ftp. My experience with > installing from a boot floppy (2.2.6) on a couple of machines at home > went well, however I'm wondering if its possible for some people to > give ideas about how to install on a "PRODUCTION ENVIROMENT" where > there are security concerns as well as other issues. Also in the > newsgroup people refer to a one or more machines as sort of a code > base machine that is used to test pre production code as well. Is > this generally the practice of a Freebsd Sys-Admin. Any other help or > comments would be greatly appreciated. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.SUN.3.96.980704095331.24552A-100000>