Hi folks,
I've got some machines in a DMZ and I really don't want to install the whole ports tree so I can do security patching.
Maybe I've got something wrong but the process I use is:
Run portaudit from cron and monitor the daily security output
When necessary (patching is required) log onto the server and do:
Code:
portsnap update
portupgrade -a
This works fine but it means that I have to keep the whole ports tree on the server and I'm not keen on that.
If I had some more servers to worry about (like say 4 or 5) I'd set up a patch distribution server and do this in a centralised way (I'm sure this is possible) but just for a couple of machines, I can't justify it.
Is there a way to limit the ports tree to only the installed ports so that I can do the patching but don't have to have the whole tree on the server?
ciao
dave