FreeBSD Admin Best Practices

From Docupedia

Written By: Steve Ayotte

Date: 4/27/2007

Contents

[edit]

Overview

This is an attempt to list those things every FreeBSD Admin (read: user, since FreeBSD users are so frequently their own admins) should at least know about/how to do.

It does not cover general UNIX admin tasks; only FreeBSD specific ones.

[edit]

The Good Stuff

[edit]

cvsup-nogui

This is for everyone.

This is a port in the ports-collection which can be used in a cron job to keep any set of sources you frequently use up to date. There is a larger port, 'cvsup', which includes this one and a Gtk GUI.

In particular, cvsup can be used to keep your system sources and your Ports Collection up to date. This is FreeBSD's answer to "patch Tuesday" as Windows admins know it. If there is a security hole or a functional flaw in one of FreeBSD's system sources or something in contrib/, the only way to update yourself with it before the next minor release is to use cvsup. Similarly, if there is a security flaw or functional hole in some ported application/library and the port-maintainer has integrated a patch for it into the offical port, the best way to update yourself with it is to cvsup your Ports Collection and rebuild/reinstall the port (you could build/install it and then apply a third party patch).

I find it best, when installing FreeBSD, to install the base system with nothing else, cvsup all sources, and then build-from-source all major components. I make huge concessions against this policy for workstations--- I hate building X.org, Qt, etc. from source--- but I never stray with servers.

[edit]

portupgrade

This is for everyone. 'portupgrade' is a utility that maintains a database of dependencies among installed ports from the FreeBSD Ports Collection. If you make extensive use of the Ports Collection, it is an indispensable tool for making sure that a given port won't think its dependency chain has been broken because you upgrade something it depends on.

'portupgrade' is itself a port and should really be one of the first you install, right after 'cvsup-nogui'.

[edit]

portaudit

This is only for security conscious people.


[edit]

rc.conf

This is for people who require more specialization than a stock install using DHCP for network with no services enabled provides. I.e., this is for everyone eventually.

[edit]

sysctl

This is for administrators of production systems.

Retrieved from "http://docs.lucidinteractive.ca/index.php/FreeBSD_Admin_Best_Practices"