FreeBSD 6 Unleashed
IN THIS CHAPTER
Every operating system has to have a way of keeping up with the times. Administrators need to get security patches, bug fixes, and support for new technologies into their installed systems without waiting for new full releases, which can take anywhere from six months to three years or more in the operating system world. In today's "Internet time" environment, however, hackers can compromise systems within hours of a security breach announcement, so maintaining an up-to-the-minute operating system is essential. No operating system maker neglects this need. Microsoft provides large periodic "service pack" upgrades to users of the Windows client and server families (and a good thing, too, considering that full releases are coming further and further apart these days). Between these service packs or full releases, though, rapid-response fixes for security issues found within the operating system are rolled out through the Windows Update mechanism, allowing users to download and install patches for time-critical problems. Mac OS X has a similar Software Update mechanism, and analogous patch mechanisms are in place for Linux as well, giving users the all-important ability to protect their systems with a minimum of effort or expertise required. Maintaining a FreeBSD installation is a rather different process. Patches for security issues are made available with the same speed as with any other operating system; but because FreeBSD's operating philosophy is largely centered on its users' access to the source code (even more so than its open-source cousins), patching your system more often than not involves recompiling the software in question yourselfwhether it's a change to the kernel, to a system library, or to a third-party application. Fortunately, FreeBSD offers some well-established methods for making these periodic rebuilds a straightforward process, helping you keep your system buttoned up against even the most current conditions. Note Upgrading your system by downloading precompiled binary packages and installing them over the old components, in what's known as a binary upgrade, is possible in FreeBSDjust go into Sysinstall, specify the new release's name in the Options screen, and then choose Upgrade to perform the upgrade process, which you configure and execute in a similar manner to the initial installation covered in Chapter 2, "Installing FreeBSD." You can do a binary upgrade from a CD/DVD or from an FTP source. This method of upgrading can be painless and quick. However, unlike with other operating systems, the binary upgrade process isn't necessarily the cleanest way of updating FreeBSD. Because the system is under constant development, with system components being moved to different locations and added or deleted on an ongoing basis; because many users have heavily customized their systems' files; and because the binary upgrade script is not always kept as current as the sources themselves, a binary upgrade is almost certain to leave some necessary tasks unfinished. You'll have to merge certain files from your old system's /etc directory into the new one by hand, for example. This is even more the case when you're upgrading between two widely different systems, such as going from a 4.x system to a 5.x or 6.x release, which has a radically different file structure that may not be accounted for in the binary upgrade script. Because of all these complications, tracking the sources and compiling your own operating system is not only a useful skill to have as a FreeBSD administrator, but the recommended method for upgrading your system.
Major releases of FreeBSD (such as 5.0 and 6.0) appear every one to two years, and minor releases (such as 4.2 and 5.4) generally appear every three to six months. ("Patch" releases, such as 5.2.1, are not normally scheduled, and appear on an as-needed basis.) No matter how frequently a new release that's appropriate to your needs becomes available, it's too infrequent to address the pressing day-to-day needs of a security-conscious administrator; you'll need a way to update your system in part or wholesale, at your discretion, at any time in between releases. In this chapter, you learn about CVSup, make world, and other real-time methods for keeping your FreeBSD system current. |
Категории