OSEC

Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com
 
Re: FreeBSD Security Survey

From: Marian Hettwer (MHkernel32.de)
Date: Wed May 24 2006 - 03:33:07 CDT


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hej Yann,

Yann Golanski wrote:
> Quoth Roger Marquis on Tue, May 23, 2006 at 08:53:00 -0700
>
>>Peter Jeremy wrote:
>>
>>>One of the major problems with unattended/automatic updating is
>>>that it is hard to filter them.
>>
>>It's hard to make a good case for automatic updates when manual
>>updates are so easy.
>
>
> So, here is a question: I have three machines, all on different hardware
> but with the same version of FreeBSD that are updated manually. Now,
> how about I get a dozen machines... How do I do that in a reasonable
> amount of time?

You get yourself a build machine.
Say you have 10 amd64 machines and 10 intel boxes, well, then you'll
need one amd64 machine and one intel machine.
Set up jails on this build host. Each jail having the specific make.conf
and stuff configuration you like.
Let's say
intel machine:
jail-1 --> for your MySQL machines
jail-2 --> for your Apaches
jail-3 --> for your mailservers

go to each jail and built yourself some packages (make package). Then
use those packages to install them on your production machines.
You may want to abuse these jails to do some testing wether the packages
are okay too...

It really depends on how many machines you have, on how many different
tasks they have and on which archictures you're running.

The answer is: build host + jails for a testing environment...
This'll reduce your actual downtime.

regards,
Marian
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (Darwin)

iD8DBQFEdBpBgAq87Uq5FMsRAnAxAJ91Hwn1+D316JMQIzzFuY8vCmh7IACg0d5o
mjsNREbuXX1GrDpMcxo8JWE=
=wqUj
-----END PGP SIGNATURE-----
_______________________________________________
freebsd-securityfreebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-security
To unsubscribe, send any mail to "freebsd-security-unsubscribefreebsd.org"