JonDos GmbH thanks www.secure-internet.org for the right to publish the following article. We made some changes to it, but the original text was provided by www.secure-internet.org.
There are various methods to update a FreeBSD system. Here we use a method where we just fetch new binaries for the operating system. Run
freebsd-update fetch
This fetches the binaries of the latest update available for the production release.
Once they have been fetched, run
freebsd-update install
Reboot by running
shutdown -r now
and then log in again.
When you log in again you should be greeted with the new errata version (watch for the "p" number or "#" number). You could also just type
uname -a
to get the same information. Done.
We will now focus on the Ports Collection. The Ports Collection is a sort of text-file-based database that knows about approximately 20,000 third-party software packages available from FreeBSD servers. We first need to update this information before we can install any software.
Run
portsnap fetch
and then
portsnap extract
Don't worry, both commands will run for a while.
Now we will install the first software package. Run
cd /usr/ports/ports-mgmt/portaudit
make all install clean
This fetches the source code for the portaudit program and builds the binary automatically. The portaudit program is a FreeBSD speciality. It informs you automatically whenever vulnerabilities become known in software packages from the Ports Collection (in which case you should generally update the package as soon as possible).
Now run it for the first time:
/usr/local/sbin/portaudit -Fda
Usually it will now tell you that 0 vulnerabilities were found. Otherwise, and whenever you are informed about vulnerabilities, you should either remove the software package or actually fix it (by updating it or by whatever other means).
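To make that check usable from a script or cron job, the following added example (not part of the original article) reads portaudit's output and reports which packages need attention. It assumes portaudit prints one "Affected package:" line per finding and a closing "N problem(s) in your installed packages found." line; the function names and the sample output are constructed for illustration.

```sh
#!/bin/sh
# Added example, not from the original article.
# Assumption: portaudit prints "Affected package: <name-version>" for each
# finding and closes with "<N> problem(s) in your installed packages found."

# audit_summary: reads portaudit output on stdin, prints each affected
# package once, and returns 0 (clean), 1 (findings) or 2 (no summary line,
# e.g. the database fetch failed and nothing was audited).
audit_summary() {
    awk '
        /^Affected package: / {
            sub(/^Affected package: /, "")
            if (!($0 in pkgs)) { pkgs[$0] = 1; n++; print }
            next
        }
        /^[0-9]+ problem\(s\) in your installed packages found/ {
            count = $1 + 0; have_summary = 1
        }
        END {
            if (!have_summary) exit 2
            status = (count > 0 || n > 0) ? 1 : 0
            exit status
        }
    '
}

# Constructed sample output; package name and reference are placeholders.
sample_vulnerable() {
    cat <<'EOF'
Affected package: examplepkg-1.2.3
Type of problem: examplepkg -- constructed sample finding.
Reference: <placeholder>

1 problem(s) in your installed packages found.

You are advised to update or deinstall the affected package(s) immediately.
EOF
}

sample_clean() { echo "0 problem(s) in your installed packages found."; }

# On the FreeBSD host: run the audit and report what needs attention.
if [ -x /usr/local/sbin/portaudit ]; then
    rc=0
    /usr/local/sbin/portaudit -Fda | audit_summary || rc=$?
    [ "$rc" -eq 0 ] || echo "portaudit: status $rc (1 = packages listed above are affected, 2 = audit did not complete)" >&2
fi
```

Treating a missing summary line as its own status keeps a failed database download from being mistaken for a clean result.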
We will now install the portmaster program, which is a great help in managing and administering software packages:
cd /usr/ports/ports-mgmt/portmaster
make install
The portmaster program will get built.
Now we update all ports (this will take a while):
/usr/local/sbin/portmaster -a
If a blue window pops up asking you for compile options, just confirm the defaults. You can navigate in those windows the same way as in FreeBSD's installation program (sysinstall).
If you do not intend to create jails, you are done. You now have a FreeBSD host system with the most recent errata and ports, ready for production purposes.
If you want jails, we need to prepare several further things. The next steps will take some time because we need to download a lot and compile many programs.
First, we need to get the source code to build the userland binaries.
Edit /etc/standard-supfile
vi /etc/standard-supfile
Make sure the file contains settings like the following (the example below is for a FreeBSD 7.2 production release). You may, and of course should, adapt the FTP server address to a server near your machine:
src-all
Please note that there should NOT be an asterisk before "src-all".
Then run
cd /etc
csup /etc/standard-supfile
This will run for a while.
After the job is done, run:
cd /usr/src
make buildworld
... which will run even longer because we are now compiling the FreeBSD userland programs. This is required even though we already have versions of those binaries. We need to run through this process to provide the structures needed later to get a userland into each jail. Have lunch while it's running or, if you have a slow machine, even do something different for a few hours ;-).
When "make buildworld" has finished, run:
mergemaster -p
Answer the questions asked by mergemaster. Then run:
make installworld
After it has finished, run
mergemaster -iU
and again answer the questions mergemaster asks you.
When done, reboot your system:
shutdown -r now
and after the reboot log in again via SSH.
To shorten the message of the day text shown at each login to the system, you might edit /etc/motd:
vi /etc/motd
