Date: Mon, 14 Jun 2004 02:51:33 +0300
From: Haim Ashkenazi <haim@babysnakes.org>
To: Adrian Urquhart <adrian@devnet-uk.net>
Cc: freebsd-stable@freebsd.org
Subject: Re: keeping my freebsd secure... THANX
Message-ID: <1087170692.20776.16.camel@parker.babysnakes.org>
In-Reply-To: <Pine.LNX.4.58.0406132246220.10258@sparc64.devnet.co.uk>
References: <pan.2004.06.12.09.01.59.52173@babysnakes.org> <pan.2004.06.13.21.44.37.195654@babysnakes.org> <Pine.LNX.4.58.0406132246220.10258@sparc64.devnet.co.uk>

On Mon, 2004-06-14 at 01:05, Adrian Urquhart wrote:
> On Mon, 14 Jun 2004, Haim Ashkenazi wrote:
>
> [snip]
>
> Hi
>
> Just to add my own general comment to all the fun you've been having.
> I've been using FreeBSD since 3.2 and I gave up using the ports to keep
> stuff up to date - it just never worked right for me, plus, many of the
> ports install things in "non-standard" places - in fact, if I remember,
> the Apache port was one of them.
>
> Instead, I'll install everything from source. I feel it works better and
> gives me more control over things, along with a better chance of fixing
> stuff if it goes wrong. For example, with Apache, installing it from
> source puts everything into /usr/local/apache (of course, you can change
> this) by default.
>
> Maybe I've been using the port management tools incorrectly, but I just
> don't have confidence in them. And of course, installing from source
> means your system is always up to date as you don't need to wait for
> ports to catch up with a new release of something.
>
> Like everyone else I use CVS to keep the main source tree up to date and
> so far that has worked really well. The machines I admin are 500 miles
> away so usually I'll CVSup to a single machine, build world and kernels
> on it, install its world and kernel, then reboot it to make sure it
> comes up Ok. Then, SSH into the build machine and from there SSH in to
> the others via their private interfaces. This lets me close the external
> interfaces while I install their worlds and kernels over NFS (at LAN
> speeds, this doesn't take long) then reboot and off we go. Hopefully. I
> always have someone standing by just in case a machine doesn't come
> back, and the only time he was needed was when I'd screwed something up.
>
> The system I admin has machines running Apache, BIND, pure-ftpd,
> PostgreSQL, heavily modified qmail system, and a lot of code written by
> me (C/C++) (it's a small ISP with several thousand cable users).
>
> Anyway, best of luck in your ventures - FreeBSD is an excellent server
> platform, and I use it as a desktop machine for software development.
> Just keep up to date with the advisories and you'll be Ok. Just out of
> interest, my choice of Linux would be Gentoo (I'm writing this on a
> SPARC64 running Gentoo).

Personally I've used Debian for the last 3 years. I've been using Linux for about 7 years as my only desktop, and I've used LinuxPPC (for Macs), RedHat, Suse, Mandrake and finally I started using Debian and I'm using it until now. I'm using 'stable' for servers and 'unstable' for my desktop. I didn't try Gentoo yet...

What you're saying is very disturbing... I only moved to FreeBSD because Debian stable releases a new version once in a long time (more than two years now) and my web clients are annoyed with having an "old" php (4.1.2), and since I want security and stability with minimum hassle for my servers I thought FreeBSD would be a good solution. If I need to download and compile applications from source (and then having to audit many resources to find out about security vulnerabilities and bugs), well, I can do that on Debian. No need to spend time learning how to secure and maintain a new operating system...

Anyway, thanx for your input...

--
Haim
