Bart Silverstrim wrote:
> On Mar 8, 2004, at 12:15 PM, Ioannis Vranos wrote:
> >Is there any utility in FreeBSD 4.9 to check for possible updates/bug fixes
> >via internet?
> >
> 
> I *think* I have kind of a handle on this on the server I just 
> installed...
> 
> I usually do a cvsup to update the list of the ports tree, then use a 
> procedure I picked out of http://www.freebsddiary.org/portupgrade.php 
> to update applications with portupgrade.
> 
> If anyone else has a method other than this, I'd love to know the 
> procedure :-)

For third party applications, portupgrade should be the tool of
choice...

> This only updates ports.  Updating FreeBSD, I don't know of anything 
> other than if you find a security advisory, you have to have the src 
> tree and patch that portion and recompile whatever had the 
> vulnerability, following the advisory instructions.  I'm thinking that 
> since most daemons/applications are from ports, keeping your ports tree 
> updated should limit most remote exploits...I would be interested in 
> knowing of a way to check whether the installation of the OS is up to 
> date, though.

This is what the so-called security branches are good for: Just CVSup
your source tree, do a full buildworld cycle, and you should be fine.

Valid security branches (for use in your supfile) are for example RELENG_4_9
or RELENG_5_2.

If you prefer binary updates, there is a special port
(security/freebsd-update), but it will only work on an unaltered
installation (i.e. you did not do any buildworlds), and of course, you
can run the freebsd-update port incrementally.

However, once you use a source based update method, the port will not work
any longer, since your installation will consist of custom binaries that do
not match the recorded checksums.

Simon
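
Added example (not part of the original message): a supfile that tracks a security branch such as RELENG_4_9, plus a check that reports which kind of branch an existing supfile follows. The function names, the host placeholder and the base/prefix paths are assumptions chosen for illustration.

```shell
#!/bin/sh
# write_supfile TAG FILE: write a minimal supfile that fetches the whole
# source tree (src-all) for branch TAG. The host is a placeholder: replace
# it with a CVSup mirror. base/prefix are assumed values; prefix=/usr puts
# the sources in /usr/src.
write_supfile() {
    cat > "$2" <<EOF
*default host=CHANGE_THIS.FreeBSD.org
*default base=/usr
*default prefix=/usr
*default release=cvs tag=$1
*default delete use-rel-suffix
*default compress
src-all
EOF
}

# branch_kind FILE: print what the supfile's default tag tracks.
#   security  RELENG_4_9, RELENG_5_2: a release plus security fixes only
#   stable    RELENG_4: the -STABLE development branch
#   current   tag=. : the head of development
#   other     no tag found, or a tag of another form
branch_kind() {
    tag=$(sed -n 's/^\*default.*[[:space:]]tag=\([^[:space:]]*\).*/\1/p' "$1" | tail -n 1)
    if printf '%s\n' "$tag" | grep -Eq '^RELENG_[0-9]+_[0-9]+$'; then
        echo security
    elif printf '%s\n' "$tag" | grep -Eq '^RELENG_[0-9]+$'; then
        echo stable
    elif [ "$tag" = "." ]; then
        echo current
    else
        echo other
    fi
}

# Constructed demo: generate a supfile for the 4.9 security branch and check it.
demo=$(mktemp)
write_supfile RELENG_4_9 "$demo"
echo "supfile tracks: $(branch_kind "$demo")"
rm -f "$demo"

# With a real supfile the update itself is then:
#   cvsup -g -L 2 /path/to/supfile
#   cd /usr/src && make buildworld   # then kernel and installworld steps,
#                                    # in the order given in /usr/src/UPDATING
```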
