Date: Mon, 14 Jun 2004 02:51:33 +0300
From: Haim Ashkenazi <haim@babysnakes.org>
To: Adrian Urquhart <adrian@devnet-uk.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: keeping my freebsd secure... THANX
Message-ID: <1087170692.20776.16.camel@parker.babysnakes.org>
In-Reply-To: <Pine.LNX.4.58.0406132246220.10258@sparc64.devnet.co.uk>
References: <pan.2004.06.12.09.01.59.52173@babysnakes.org> <pan.2004.06.13.21.44.37.195654@babysnakes.org> <Pine.LNX.4.58.0406132246220.10258@sparc64.devnet.co.uk>

On Mon, 2004-06-14 at 01:05, Adrian Urquhart wrote:
> On Mon, 14 Jun 2004, Haim Ashkenazi wrote:
>
> [snip]
>
> Hi
>
> Just to add my own general comment to all the fun you've been having.
> I've been using FreeBSD since 3.2 and I gave up using the ports to keep
> stuff up to date - it just never worked right for me, plus, many of the
> ports install things in "non-standard" places - in fact, if I remember,
> the Apache port was one of them.
>
> Instead, I'll install everything from source. I feel it works better and
> gives me more control over things, along with a better chance of fixing
> stuff if it goes wrong. For example, with Apache, installing it from
> source puts everything into /usr/local/apache (of course, you can change
> this) by default.
>
> Maybe I've been using the port management tools incorrectly, but I just
> don't have confidence in them. And of course, installing from source
> means your system is always up to date as you don't need to wait for
> ports to catch up with a new release of something.
>
> Like everyone else I use CVS to keep the main source tree up to date and
> so far that has worked really well. The machines I admin are 500 miles
> away so usually I'll CVSup to a single machine, build world and kernels
> on it, install its world and kernel, then reboot it to make sure it
> comes up Ok. Then, SSH into the build machine and from there SSH in to
> the others via their private interfaces. This lets me close the external
> interfaces while I install their worlds and kernels over NFS (at LAN
> speeds, this doesn't take long) then reboot and off we go. Hopefully. I
> always have someone standing by just in case a machine doesn't come
> back, and the only time he was needed was when I'd screwed something up.
>
> The system I admin has machines running Apache, BIND, pure-ftpd,
> PostgreSQL, heavily modified qmail system, and a lot of code written by
> me (C/C++) (it's a small ISP with several thousand cable users).
>
> Anyway, best of luck in your ventures - FreeBSD is an excellent server
> platform, and I use it as a desktop machine for software development.
> Just keep up to date with the advisories and you'll be Ok. Just out of
> interest, my choice of Linux would be Gentoo (I'm writing this on a
> SPARC64 running Gentoo).

Personally I use debian for the last 3 years. I've been using linux for
about 7 years as my only desktop, and I've used LinuxPPC (for macs),
RedHat, Suse, Mandrake and finally I started using debian and I'm using
it until now. I'm using 'stable' for servers and 'unstable' for my
desktop. I didn't try gentoo yet...

What you're saying is very disturbing... I only moved to FreeBSD because
debian stable releases a new version once in a long time (more than two
years now) and my web clients are annoyed with having an "old" php
(4.1.2), and since I want security and stability with minimum hassle for
my servers I thought FreeBSD would be a good solution. If I need to
download and compile application from source (and then having to audit
many resources to find about security vulnerabilities and bugs), well, I
can do that on debian. No need to spend time learning how to secure and
maintain a new operating system...

Anyway, thanx for your input...

--
Haim