Hi,
I'd like to know if you have a good way of keeping a system completely up to date in a completely automated way.
If my understanding is correct, I can add
in root's crontab to have the base system (I guess that means the kernel and the programs in /bin) patched with the latest security updates everyday at 8:42.
Now, does that restart services that need to be restarted? For example, if sshd depends on a library that's been patched, does
If not is there a way to deal with that automatically?
In order to upgrade the other programs (those installed in /usr/local/bin), I guess the way to do that would be to add an
entry in cron.
I have the same question about that: are services that depend on the updated packages automatically restarted?
I'm thinking about services like postgresql, apache or nginx for example.
I haven't looked into ports yet (I'm quite new to FreeBSD) but I guess this is something that has to be dealt with too in term of security updates.
So I guess my question is: how do you keep your system secure with the least human intervention possible?
Thanks for your help.
I'd like to know if you have a good way of keeping a system completely up to date in a completely automated way.
If my understanding is correct, I can add
Code:
42 8 * * * freebsd-update cron
in root's crontab to have the base system (I guess that means the kernel and the programs in /bin) patched with the latest security updates everyday at 8:42.
Now, does that restart services that need to be restarted? For example, if sshd depends on a library that's been patched, does
freebsd-update cron
restarts the sshd daemon?If not is there a way to deal with that automatically?
In order to upgrade the other programs (those installed in /usr/local/bin), I guess the way to do that would be to add an
Code:
55 9 * * * env ASSUME_ALWAYS_YES=YES pkg upgrade
entry in cron.
I have the same question about that: are services that depend on the updated packages automatically restarted?
I'm thinking about services like postgresql, apache or nginx for example.
I haven't looked into ports yet (I'm quite new to FreeBSD) but I guess this is something that has to be dealt with too in term of security updates.
So I guess my question is: how do you keep your system secure with the least human intervention possible?
Thanks for your help.