Date: Sun, 13 May 2001 19:58:35 +0200
From: Erik Trulsson <ertr1013@student.uu.se>
To: freebsd-stable@FreeBSD.ORG
Subject: Re: Running Stable on remote production server
Message-ID: <20010513195835.A20679@student.uu.se>
In-Reply-To: <NEBBJFPJOMGCGNBMJMCHCEKGCCAA.nospam@hiltonbsd.com>; from nospam@hiltonbsd.com on Sun, May 13, 2001 at 12:15:03PM -0500
References: <20010513181834.A19888@student.uu.se> <NEBBJFPJOMGCGNBMJMCHCEKGCCAA.nospam@hiltonbsd.com>

On Sun, May 13, 2001 at 12:15:03PM -0500, Stephen Hilton wrote:
> Regarding a "quiet" system, would ipfilter, ipnat, ipmon, snort,
> named, qualify as O.K. processes to be running while the installworld
> is taking place via SSH in multi-user mode.

They are probably O.K. Personally I would probably kill named anyway just
in case (and it shouldn't be needed during the installworld.)
The other I have no experience with so I don't know.

Most of the time you could probably get away with doing an installworld
without preventing any logins or killing any processes.
Note: *Most* of the time, not all the time. Better safe than sorry.

>
> > Otherwise you will have to disable further logins (see shutdown(8) or
> > nologin(5) for info on how to do this) and then manually kill most
> > processes. (Just be careful not to kill your own shell or sshd :-) )

One problem I just noticed here. It appears as if sshd will allow logins
even when one of the files /etc/nologin or /var/run/nologin exists which is
contrary to the manpage for sshd(8). This is probably a bug somewhere.
A workaround is to kill the parent sshd process. This will prevent any
further logins via sshd. (in the listing below that would be pid 191)

>
> I have already modified the source tree so ipfilter 3.4.17 is the
> installed version, not 3.14.16 which comes as default. And the named
> version would remain the same.
>
> > and then manually kill most processes.
>
> What are some guidelines for which processes to kill
> example ps -wwaux output follows:

Primarily processes which might start other processes on their own.
So inetd and cron should definitely be killed. Starting a new process when
you are installing the executable for that program or installing shared
libraries which it needs is probably not a good idea.
Any programs which might read/write to files that are updated by mergemaster
is also probably a good idea to kill. Most programs read from /etc only when
they are started and few write there so this is probably not a big problem.

>
> USER   PID %CPU %MEM   VSZ  RSS  TT  STAT STARTED      TIME COMMAND
> root     1  0.0  0.0   532    0  ??  ILs  Sat10AM   0:00.09 /sbin/init --
> root     2  0.0  0.0     0    0  ??  DL   Sat10AM   0:00.76  (pagedaemon)
> root     3  0.0  0.0     0    0  ??  DL   Sat10AM   0:00.00  (vmdaemon)
> root     4  0.0  0.0     0    0  ??  DL   Sat10AM   0:00.30  (bufdaemon)
> root     5  0.0  0.0     0    0  ??  DL   Sat10AM   0:01.73  (syncer)
> root    30  0.0  0.0   208    0  ??  Is   Sat10AM   0:00.00 adjkerntz -i
> root   163  0.0  0.2   936  204  ??  Ss    3:36PM   0:00.25 syslogd -s -s
> bind   167  0.0  0.3  2404  416  ??  Is    3:36PM   0:00.30 /usr/sbin/named -u b
> ind -g bind
> root   186  0.0  0.0  1028    0  ??  Is    3:36PM   0:00.00 inetd -wW
> root   188  0.0  0.1   980  172  ??  Ss    3:36PM   0:00.26 /usr/sbin/cron
> root   191  0.0  0.0  2176   12  ??  Is    3:36PM   0:00.87 /usr/sbin/sshd
> root   218  0.0  0.0   900    0  ??  Is    3:36PM   0:00.00 moused -p /dev/psm0
> -t auto
> root   246  0.0  0.1   912   68  ??  Ss    3:36PM   0:01.29 /sbin/ipmon
> root   262  0.0  0.0   944    0  v2  Is+   3:36PM   0:00.00 /usr/libexec/getty P
> c ttyv2
> root   262  0.0  0.0   944    0  v2  Is+   3:36PM   0:00.00 /usr/libexec/getty P
> c ttyv2
> root   263  0.0  0.0   944    0  v3  Is+   3:36PM   0:00.02 /usr/libexec/getty P
> c ttyv3
> root   264  0.0  0.0   944    0  v4  Is+   3:36PM   0:00.01 /usr/libexec/getty P
> c ttyv4
> root   265  0.0  0.0   944    0  v5  Is+   3:36PM   0:00.01 /usr/libexec/getty P
> c ttyv5
> root   266  0.0  0.0   944    0  v6  Is+   3:36PM   0:00.00 /usr/libexec/getty P
> c ttyv6
> root   267  0.0  0.0   944    0  v7  Is+   3:36PM   0:00.00 /usr/libexec/getty P
> c ttyv7
> root   363  0.0  0.0   944    0  v1  Is+   3:59PM   0:00.01 /usr/libexec/getty P
> c ttyv1
> root   364  0.0  0.0   636   24  v0  Is+   3:59PM   0:00.03 -sh (sh)
> root 35092  0.0  0.2  2260  224  ??  S    11:32AM   0:00.22 sshd: root@ttyp2 (ss
> hd)
> root 35093  0.0  0.2   636  280  p2  Ss   11:33AM   0:00.05 -sh (sh)
> root 53642  0.0  1.7 13616 2136  ??  Ss   11:52AM   0:01.42 /usr/local/bin/snort
> root     0  0.0  0.0     0    0  ??  DLs  Sat10AM   0:00.02  (swapper)
>
>
> > Single-user mode is not really necessary to do an installworld/mergemaster.
> > What is required is that the machine is "quiet", meaning no other users are
> > logged in and no programs that might interfere with the installation should
> > be running.
> > For a machine to which one has access to the console the easiest way of
> > accomplishing this is going to single-user mode.
>
> > Otherwise you will have to disable further logins (see shutdown(8) or
> > nologin(5) for info on how to do this) and then manually kill most
> > processes. (Just be careful not to kill your own shell or sshd :-) )
>
> > Then you should be able to do an installworld/mergemaster.
>
> Stephen Hilton
>

-- 
<Insert your favourite quote here.>
Erik Trulsson
ertr1013@student.uu.se
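
The quieting step discussed in this message, as an added dry-run example that is not part of the original e-mail: it lists the PIDs of the daemons to stop while protecting the caller's own shell and every ancestor of it (the session sshd and the listening sshd). The function names are hypothetical, and the process table is constructed from the PIDs in the posted listing with an assumed PPID column, which `ps -wwaux` does not show.

```sh
#!/bin/sh
# Constructed sample: "pid ppid command" rows modelled on the posted listing.
# The PPID values are assumptions; the original ps output has no PPID column.
SAMPLE_PS='1 0 init
167 1 named
186 1 inetd
188 1 cron
191 1 sshd
246 1 ipmon
35092 191 sshd
35093 35092 sh
53642 1 snort'

# Print PID $1 and each of its ancestors, looked up in the table $2.
ancestors() {
    pid=$1
    while [ -n "$pid" ] && [ "$pid" -gt 0 ]; do
        echo "$pid"
        pid=$(printf '%s\n' "$2" | awk -v p="$pid" '$1 == p { print $2; exit }')
    done
}

# Print the PIDs whose command is in the list $3 (space separated),
# leaving out the caller $1 and all of its ancestors in the table $2.
stop_candidates() {
    self=$1 table=$2 names=$3
    keep=$(ancestors "$self" "$table" | tr '\n' ' ')
    printf '%s\n' "$table" | awk -v keep="$keep" -v names="$names" '
        BEGIN { n = split(keep, k, " ");  for (i = 1; i <= n; i++) prot[k[i]] = 1
                m = split(names, w, " "); for (i = 1; i <= m; i++) want[w[i]] = 1 }
        ($3 in want) && !($1 in prot) { print $1 }' | tr '\n' ' ' | sed 's/ $//'
}

# Dry run: report only, nothing is killed. 35093 is the SSH login shell.
echo "protected: $(ancestors 35093 "$SAMPLE_PS" | tr '\n' ' ')"
echo "would stop: $(stop_candidates 35093 "$SAMPLE_PS" 'inetd cron named')"
```

On a live host the table would come from `ps -ax -o pid= -o ppid= -o comm=` with `$$` as the first argument; whether to stop the listening sshd afterwards is left to the operator, since the planner keeps it as an ancestor of the session.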