From owner-freebsd-security Fri Mar 16 2:19:58 2001 Delivered-To: freebsd-security@freebsd.org Received: from closed-networks.com (shady.org [195.153.248.241]) by hub.freebsd.org (Postfix) with SMTP id 766A137B718 for ; Fri, 16 Mar 2001 02:19:55 -0800 (PST) (envelope-from marcr@closed-networks.com) Received: (qmail 88777 invoked by uid 1000); 16 Mar 2001 10:23:02 -0000 Date: Fri, 16 Mar 2001 10:23:02 +0000 From: Marc Rogers To: freebsd-security@FreeBSD.ORG Subject: Re: What's vunerable? Message-ID: <20010316102302.V10016@shady.org> References: <3AB1DBF9.C721E3D6@vianetworks.co.uk> Mime-Version: 1.0 Content-Type: text/plain; charset=us-ascii Content-Disposition: inline User-Agent: Mutt/1.2.4i In-Reply-To: <3AB1DBF9.C721E3D6@vianetworks.co.uk>; from peterm@vianetworks.co.uk on Fri, Mar 16, 2001 at 09:25:13AM +0000 Sender: owner-freebsd-security@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org on the subject of updating a large number of freebsd boxes... I just thought I would throw my twopence worth in, as while working for a number of entirely freebsd based isps a few years ago, I had to deal with exactly this problem. Making world in situ on production servers is a game of russian roulette. Most fo the time it works, but the older the starting version, the harder it becomes. The safest way to synchronise a large number of boxes (in my view) is to play a shell game with them. Take one clean box and install freebsd and whatever base software you need. Then migrate the customer data from one of your older boxes onto this new one. When you are comfortable that the new box can replace the old one completely, shut down the old one and bring up the interfaces on the replacement. Next take the box you just replaced, and after backing everything up, reinstall the os. Use this box to upgrade another. and so on. When you get the hang of it, it becomes quite a swift process. Please ensure that you do back everything up though, as I can guaruntee you will forget something. If you need any futher help, feel free to mail me. Marc Rogers Head of Network Operations & Security EDC Group To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-security" in the body of the message