Date: Mon, 14 Jun 2004 00:44:38 +0300
From: Haim Ashkenazi <haim@babysnakes.org>
To: freebsd-stable@freebsd.org
Subject: Re: keeping my freebsd secure... THANX
Message-ID: <pan.2004.06.13.21.44.37.195654@babysnakes.org>
References: <pan.2004.06.12.09.01.59.52173@babysnakes.org>

thanx everyone, you've been very helpful. I just finished upgrading and I now hopefully have a more or less secure system (at least until tomorrow... :).

A few thoughts though (in the eyes of a FreeBSD newbie, I'm sure some of these have elegant solutions):

the upgrading process was a lot of trouble (even after I knew what to do). although portupgrade didn't break anything or cause a long downtime there were (and actually are) some errors:

1. php4 didn't upgrade because it depends on apache 1.3.29_3 and I just upgraded apache to 1.3.31... this isn't a major problem except the fact that I'm not sure if it'll work ok...

2. apache+mod-ssl changed the starting procedure from '/usr/local/etc/rc.d' to rc.conf (as it said in the UPGRADE file), it didn't say anywhere during the installation that it's restarting apache, so I had to do it myself. this was not a problem cause I knew it was going to be updated, but what if it was upgraded as a dependency? I would have to run portupgrade interactively which takes a long time when you have more than one computer. btw, how do you stop/start a daemon that is run from rc.conf (except from killing it and searching for the arguments in rc.conf, or sending it SIGHUP)?

3. the most annoying thing is that after all the upgrades (apache, mc, and mysql) I get an error every time I boot (or run rc.firewall manually):

-----------------------------------
Starting standard daemons: inetd cron sshdnt: not found sendmail-submit sendmail-clientmqueue.
Initial rc.i386 initialization:.
Configuring syscons: blanktime.
Additional ABI support:.
Local package initialization:nt: not found
Starting apache.
-------------------------------------

I'm talking about the "nt: not found" error in the first and next to last lines. I still have to trace where it comes from... (there is the option that it was there before and I didn't notice it).

the thing that is most difficult for me to get used to is the idea that no one tested these packages before. I can upgrade a port only to find out it's very buggy (and I find out by getting angry calls from my clients...).

anyway, I think I'll buy a newer book and hope it'll clear some issues for me. I would like to get some input though from the experience of those of you who maintain a few different servers (each perform a different task) and all of them serve general public (so I can't just "do it at night"). is it safe? how often did something actually break? etc...

again, thanx a lot for your help.

--
Haim