7. System Maintenance
Keeping the system up-to-date and administrating day-to-day tasks
Things related to working with packages and ports
Edit /etc/rc.conf:
hostname="knox.berlin.tomster.org"
defaultrouter="192.168.0.1"
ifconfig_dc0="inet 192.168.0.2 netmask 255.255.255.0"
Note
VERY IMPORTANT! When changing the hostname, check which hostname is used in your sasldb! The lookup key in sasldb involves not only the username but also the hostname! This means that if you change the hostname in rc.conf and reboot, none of your cyrus users will be able to authenticate, because cyrus will now use the new hostname to create the lookup value!
To have the correct time on your server is a pretty neat idea. Do this in /etc/rc.conf to use an ntp-server:
xntpd_enable="YES"
xntpd_program="/usr/sbin/ntpd"
xntpd_flags="-p /var/run/ntpd.pid"
Then in /etc/ntp.conf:
server 127.127.1.0 # local clock
fudge 127.127.1.0 stratum 10
server ntp1.ptb.de
server 130.133.1.10
server ntp2.ptb.de
And in /etc/ntp/drift:
logfile /var/log/ntp.log
logconfig =all
restrict default noserve
restrict 127.0.0.1
# restrict 192.168.1.0 mask 255.255.255.0 # if the subnet needs access
Every once in a while it might become necessary to update. First make sure your sources are up to date:
cp /usr/share/examples/cvsup/stable-supfile /root/cvsup-stable
cd /root
emacs cvsup-stable # use cvsup2.de.freebsd.org, make sure you're using RELENG_4!!
cvsup -g -L2 cvsup-stable
Note
If you don't want to 'slide' into 4.9 PRERELEASE you must specify RELENG_4_8 instead of just RELENG_4!!
Note
The same is true for FreeBSD 5.x, where you should use RELENG_5_1.
Next build your world, but don't install it yet:
cd /usr/src
make buildworld
Now build and install your kernel. It's perfectly alright to use the GENERIC configuration...
make buildkernel KERNCONF=GENERIC
make installkernel KERNCONF=GENERIC
Finally, install the world, reboot the machine and pray ;-)
make installworld
[...]
reboot
Use cvsup and portupgrade
Use cvsup to keep the ports information up to date. Copy /usr/share/examples/cvsup/ports-supfile into /root (or wherever) and edit the host entry. We use cvsup2.de.freebsd.org. Another way is to use the example file directly (which contains an invalid host) and provide the host with the -h parameter when calling cvsup.
pkg_add -r cvsup-without-gui
rehash
cp /usr/share/examples/cvsup/ports* .
cvsup -g -L 2 ports* # this updates *all* of the ports
I've set up a cronjob (for user root):
ds80-237-202-128# crontab -l
MAILTO=primary-admin@tomster.org
@weekly ~/bin/ports-update.sh
with
ds80-237-202-128# less bin/ports-update.sh
#!/bin/sh
cvsup -g /root/ports-supfile
On 2003-09-16 a vulnerability was detected in the standard SSH implementation. An upgraded version was available in the ports collection. To replace the default sshd (which is part of the world) with the one from the ports collection, do the following:
Update the ports collection, then build and install the port:
cd /usr/ports/security/openssh
make
make install
Edit /etc/rc.conf to prevent the default sshd from being started:
sshd_enable="NO"
Make sure that the new sshd will start up by renaming /usr/local/etc/rc.d/sshd.sh.sample to /usr/local/etc/rc.d/sshd.sh. Failure to do so may leave you locked out of your machine after the next restart!
Next, kill the running sshd and start up the new one (this will not end your current session, as this has been forked from the sshd upon login):
ps xauww | grep sshd # note the process ID
kill <pid>
/usr/local/etc/rc.d/sshd.sh start
Finally, log in from another terminal (!!). If this runs smoothly (you will get warning messages about modified keys, of course), then and only then is it safe for you to exit the shell from which you've done the upgrade. If you're not careful here, you might end up being locked out of your own machine!
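The conditions this procedure depends on can be checked by a script before the old sshd is killed. This is an added example, not part of the original guide; the path-prefix argument to preflight and the /usr/local/sbin/sshd location are assumptions, and the demo tree at the end is constructed.

```sh
#!/bin/sh
# Added example: checks to pass before killing the base-system sshd.
# The path-prefix argument is hypothetical; it lets the checks run on a
# test tree. On the real machine call: preflight ""

# rc.conf is sourced as shell, so the last sshd_enable= assignment wins.
last_sshd_enable() {
    sed -n 's/^[[:space:]]*sshd_enable="*\([A-Za-z]*\).*/\1/p' "$1" | tail -n 1
}

preflight() {
    root=$1; problems=0
    rcd="$root/usr/local/etc/rc.d"
    # Anything other than an explicit NO is treated as "still enabled".
    case "$(last_sshd_enable "$root/etc/rc.conf" | tr 'a-z' 'A-Z')" in
        NO) ;;
        *) echo "FAIL: sshd_enable is not \"NO\" in /etc/rc.conf"
           problems=$((problems + 1)) ;;
    esac
    if [ ! -x "$rcd/sshd.sh" ]; then
        if [ -f "$rcd/sshd.sh.sample" ] && [ ! -e "$rcd/sshd.sh" ]; then
            echo "FAIL: sshd.sh.sample has not been renamed to sshd.sh"
        else
            echo "FAIL: $rcd/sshd.sh is missing or not executable"
        fi
        problems=$((problems + 1))
    fi
    # Assumption: the port installs its daemon as /usr/local/sbin/sshd.
    if [ ! -x "$root/usr/local/sbin/sshd" ]; then
        echo "FAIL: ports sshd binary not found"
        problems=$((problems + 1))
    fi
    [ "$problems" -eq 0 ] && echo "OK: new sshd will start at boot"
    return "$problems"
}

# Constructed demo tree: port installed, rc.d script not yet renamed.
demo=$(mktemp -d)
mkdir -p "$demo/etc" "$demo/usr/local/etc/rc.d" "$demo/usr/local/sbin"
printf 'sshd_enable="YES"\nsshd_enable="NO"\n' > "$demo/etc/rc.conf"
: > "$demo/usr/local/etc/rc.d/sshd.sh.sample"
: > "$demo/usr/local/sbin/sshd"; chmod +x "$demo/usr/local/sbin/sshd"
preflight "$demo" || echo "Do not kill the running sshd yet."
rm -rf "$demo"
```

The return value of preflight is the number of failed checks, so it can gate the kill step directly.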