From owner-freebsd-isp Sat Jul 4 10:13:52 1998 Return-Path: Received: (from majordom@localhost) by hub.freebsd.org (8.8.8/8.8.8) id KAA19565 for freebsd-isp-outgoing; Sat, 4 Jul 1998 10:13:52 -0700 (PDT) (envelope-from owner-freebsd-isp@FreeBSD.ORG) Received: from roble.com (roble.com [207.5.40.50]) by hub.freebsd.org (8.8.8/8.8.8) with ESMTP id KAA19550 for ; Sat, 4 Jul 1998 10:13:48 -0700 (PDT) (envelope-from sendmail@roble.com) Received: from localhost (localhost [127.0.0.1]) by roble.com (Roble) with SMTP id KAA24692 for ; Sat, 4 Jul 1998 10:13:40 -0700 (PDT) Date: Sat, 4 Jul 1998 10:13:40 -0700 (PDT) From: Roger Marquis To: "'freebsd-isp@freebsd.org'" Subject: Re: Upgrading systems In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-isp@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org The "best" way to do this IMHO is to setup the new host identically except for a different IP address. Then use rdist or rsync to copy over the application data. When everything is synchronized and tested simply swap in a new rc.conf (and optionally rc.local and sysconfig) and reboot, both hosts at the same time. If security is a major concern you might want to install the OS from CD or at least from a firewalled subnet. There is a period during a new install when an unconfigured host can be vulnerable to attack. Then again you never know where a port might be download from during the net install. We installed a corrupt wu-ftp port a few months back and found suspicious log entries (incorrect syslog timestamps and an attempt to get /etc/pwd.db) until we downloaded the master sources from wu directly. It's a good idea to check for suspicious MASTER_SITES in any port's Makefile. Roger Marquis Roble Systems Consulting http://www.roble.com/consulting On Wed, 1 Jul 1998, Sconiers, John wrote: > We just bought 3 new Unix boxes (Pentium 300's with 3 9gig SCSI hard > drives). The units will be replacing 3 old Pentium 100 boxes that run > Freebsd 2.1.7.1 and Red Hat Linux. The boxes will be doing light > news, mail, firewall, shell, DNS, www, and ftp. My experience with > installing from a boot floppy (2.2.6) on a couple of machines at home > went well, however I'm wondering if its possible for some people to > give ideas about how to install on a "PRODUCTION ENVIROMENT" where > there are security concerns as well as other issues. Also in the > newsgroup people refer to a one or more machines as sort of a code > base machine that is used to test pre production code as well. Is > this generally the practice of a Freebsd Sys-Admin. Any other help or > comments would be greatly appreciated. To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-isp" in the body of the message