Re: FreeBSD Security Survey
Quoth Garance A Drosihn on Wed, May 24, 2006 at 15:40:23 -0400 The answer is: build host + jails for a testing environment... This'll reduce your actual downtime. Did you just tell him to get another computer for each arch to have as a build machine??? Being a broke college student I don't think that's something I'd ever do to install updates on my boxes. I can't afford another computer just to build updates when every other OS I use does updates in another way If you are a college student with a few machines that you work with, then you can afford some downtime. Why? Just because I am from a mathematics department with no money for hardware at all does not mean that our VLE does not have to run all the time. So, same question with three machines: home, office and off shore server. How do I keep them all up to date without having to run the patches three times?... BTW, I consider pre-compiled packages to good (easy to install, etc...) and bad (no fine tuning, etc...) while compile are good for exactly the opposite reasons. Not sure which is best. -- [EMAIL PROTECTED] -=*=- www.kierun.org PGP: 009D 7287 C4A7 FD4F 1680 06E4 F751 7006 9DE2 6318 pgpPyeb2Fq7FK.pgp Description: PGP signature
Re: FreeBSD Security Survey
Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700 Peter Jeremy wrote: One of the major problems with unattended/automatic updating is that it is hard to filter them. It's hard to make a good case for automatic updates when manual updates are so easy. So, here is a question: I have three machines, all on different hardware but with the same version of FreeBSD that are updated manually. Now, how about I get a dozen machines... How do I do that in a reasonable amount of time? -- [EMAIL PROTECTED] -=*=- www.kierun.org PGP: 009D 7287 C4A7 FD4F 1680 06E4 F751 7006 9DE2 6318 pgpSPATkPocE9.pgp Description: PGP signature
Re: FreeBSD Security Advisory FreeBSD-SA-05:21.openssl
Quoth Timothy Smith on Wed, Oct 12, 2005 at 17:39:46 +1000 the make world documents mentioning backing up your system. it fails to give any preffered methods or utilites for doing this. anyone got some input on that. I find rdiff-backup to be very good indeed. It's in the port tree. -- [EMAIL PROTECTED] -=*=- www.kierun.org PGP: 009D 7287 C4A7 FD4F 1680 06E4 F751 7006 9DE2 6318 pgp7plZz7Exj8.pgp Description: PGP signature
Re: newbie with www user security problem
Quoth Ken Hawkins on Thu, Aug 11, 2005 at 11:32:44 -0400 The box is secure that much i have found out. the only problems have been with this email spamming. nothing in the tmp dirs out of the ordinary and no missing files running scripts etc. I have changed everyone passwords on the box. *'d the www password, ensured there is no shell with the www user, etc. Have you run chkrootkit on it? i am in the process of upgrading the ports now and there are problems (of course). the ports seem to have been mangled as the listing in / var/db/ports does not match what i KNOW is running on the box. The person i have inherited this from manually deleted from the /var/db/ ports to get some of the applications to re-install! gotta love that! ICK! Make sure you database is fine otherwise, you'll get into no end of trouble. well here i come port fix hell! This is a production box and can't be taken off line as of this moment so i am going to have to attempt on the fly fixing / upgrading of the ports. i would love to wipe it but it is just not a possibility right now. Oh dear. How about living it as is -- minus the spam emailer -- and rebuilding another one to replace it? -- [EMAIL PROTECTED] -=*=- www.kierun.org PGP: 009D 7287 C4A7 FD4F 1680 06E4 F751 7006 9DE2 6318 pgpQ60ySBmqNQ.pgp Description: PGP signature