From owner-freebsd-questions Fri Apr 19 7:34:14 2002 Delivered-To: freebsd-questions@freebsd.org Received: from blacklamb.mykitchentable.net (ekgr-dsl2-92.citlink.net [207.173.226.92]) by hub.freebsd.org (Postfix) with ESMTP id 8897D37B400 for ; Fri, 19 Apr 2002 07:34:06 -0700 (PDT) Received: from bigdaddy (bigdaddy [192.168.1.3]) by blacklamb.mykitchentable.net (Postfix) with SMTP id 4E66BEE5A1 for ; Fri, 19 Apr 2002 07:34:05 -0700 (PDT) Message-ID: <01c501c1e7af$41de8640$0301a8c0@bigdaddy> From: "Drew Tomlinson" To: Subject: Tracking Source on Multiple Machines (Was Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip) Date: Fri, 19 Apr 2002 07:34:05 -0700 MIME-Version: 1.0 Content-Type: text/plain; charset="iso-8859-1" Content-Transfer-Encoding: 7bit X-Priority: 3 X-MSMail-Priority: Normal X-Mailer: Microsoft Outlook Express 6.00.2600.0000 X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2600.0000 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG ----- Original Message ----- From: "Ken McGlothlen" To: "Brett Glass" Cc: "Christopher Schulte" ; Sent: Thursday, April 18, 2002 12:08 PM Subject: Re: FreeBSD Security Advisory FreeBSD-SA-02:21.tcpip I have a question on this and am moving it to -questions where it is more appropriate. > Brett Glass writes: > > | Alas, this is not an acceptable solution. > | > | I realize that many people use FreeBSD on non-mission-critical systems, or to > | tinker with, and can afford downtime. But we need to create and maintain > | production machines. > | > | I hope that you can understand that doing a CVSup and then rebuilding the > | world every night (slowing the system to a crawl in the process and creating > | a system which might or might not be 100% stable) is not an acceptable > | solution. > > Actually, it's not as bad as it might seem. I suspect what's got you upset is > the thought of having to do a make buildworld on every machine. I can tell you > how to avoid that. > > What I've done in the past is to use NFS to export /usr from my fastest > machine. Let's assume you want to keep a Class C network at 192.168.3.0 > updated. > > /etc/exports: > > /usr -alldirs -maproot=0:10 -network 192.168.3 -mask 255.255.255.0 > > Then, on the machines you want to keep updated, you'd mount /usr/src and > /usr/obj from that build machine. I've tried this by mounting with shlight. Although not NFS, the principle is the same, right? > Now, on the fast box, type > > # cd /usr/src > # make buildworld > > Churn, churn, churn. None of your production machines are impacted; only the > fast box handling the build. > > I should also note that you may want to move *all* your kernel configuration > files over to the fast box, into /sys/i386/conf (if you're running x86/Pentium/ > AMD boxes). > > Once the build is done, pick a machine you want to update. Let's assume it's > called wibble, and it's kernel configuration file is called WIBBLE. > > On the fast box, type > > # make buildkernel KERNCONF=WIBBLE > > Once that's done, go to Wibble, shut down the services on it (what you want to > do is essentially bring it down to single-user mode, but still keep NFS > running), and type the following: > > # cd /usr/src > (Remember, that's the directory that actually resides on the > fast box) > # make installworld > (Which installs the new operating system.) > # make installkernel KERNCONF=WIBBLE > (Which installs the new kernel.) > # reboot I actually do the make installkernel part first because that's the "official" way, IIRC. However, I don't think it should matter much. Anyway, the installkernel goes fine. Then when trying the installworld, I get this error: -------------------------------------------------------------- >>> Installing everything.. -------------------------------------------------------------- cd /usr/src; make -f Makefile.inc1 install ===> share/info ===> include if [ -h /usr/include/cam ]; then rm -f /usr/include/cam; fi if [ -h /usr/include/msdosfs ]; then rm -f /usr/include/msdosfs; fi if [ -h /usr/include/net ]; then rm -f /usr/include/net; fi if [ -h /usr/include/netatalk ]; then rm -f /usr/include/netatalk; fi if [ -h /usr/include/netatm ]; then rm -f /usr/include/netatm; fi if [ -h /usr/include/netgraph ]; then rm -f /usr/include/netgraph; fi if [ -h /usr/include/netinet ]; then rm -f /usr/include/netinet; fi if [ -h /usr/include/netinet6 ]; then rm -f /usr/include/netinet6; fi if [ -h /usr/include/netipx ]; then rm -f /usr/include/netipx; fi if [ -h /usr/include/netkey ]; then rm -f /usr/include/netkey; fi if [ -h /usr/include/netnatm ]; then rm -f /usr/include/netnatm; fi if [ -h /usr/include/netncp ]; then rm -f /usr/include/netncp; fi if [ -h /usr/include/netns ]; then rm -f /usr/include/netns; fi if [ -h /usr/include/netsmb ]; then rm -f /usr/include/netsmb; fi if [ -h /usr/include/nfs ]; then rm -f /usr/include/nfs; fi if [ -h /usr/include/ntfs ]; then rm -f /usr/include/ntfs; fi if [ -h /usr/include/nwfs ]; then rm -f /usr/include/nwfs; fi if [ -h /usr/include/pccard ]; then rm -f /usr/include/pccard; fi if [ -h /usr/include/posix4 ]; then rm -f /usr/include/posix4; fi if [ -h /usr/include/sys ]; then rm -f /usr/include/sys; fi if [ -h /usr/include/vm ]; then rm -f /usr/include/vm; fi if [ -h /usr/include/fs/smbfs ]; then rm -f /usr/include/fs/smbfs; fi if [ -h /usr/include/isofs/cd9660 ]; then rm -f /usr/include/isofs/cd9660; fi if [ -h /usr/include/ufs/ffs ]; then rm -f /usr/include/ufs/ffs; fi if [ -h /usr/include/ufs/mfs ]; then rm -f /usr/include/ufs/mfs; fi if [ -h /usr/include/ufs/ufs ]; then rm -f /usr/include/ufs/ufs; fi if [ -h /usr/include/dev/ppbus ]; then rm -f /usr/include/dev/ppbus; fi if [ -h /usr/include/dev/usb ]; then rm -f /usr/include/dev/usb; fi if [ -h /usr/include/machine ]; then rm -f /usr/include/machine; fi mtree -deU -f /usr/src/include/../etc/mtree/BSD.include.dist -p /usr/include cd /usr/src/include/../sys; install -C -o root -g wheel -m 444 cam/*.h /usr/include/cam Illegal instruction - core dumped *** Error code 132 Stop in /usr/src/include. *** Error code 1 If I do the cd /usr/src/include/../sys ... command by hand I don't receive an error. If I build on the actual machine, the installworld process runs just fine. Any ideas why I'm having trouble? Is there some reason shlight (smb) mounts won't work while NFS will? I'd really like to get this resolved so I don't have to continue to run builds on my poor old 486. :) Thanks, Drew To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message