I've started maintaining a FreeBSD server recently. I've read the parts of the handbook about updates and from that I've come up with the following plan for keeping the server up to date. The server hosts a small website.
On a regular schedule, run:
After a minor version release, run:
Subscribe to freebsd-security mailing list and maybe do one of the above updates out of schedule if there's something critical.
I have some questions:
1. Does the above plan seem reasonable?
2. Is there an easy way to get rid of one of the reboots for the regular updates?.
3. In the daily "freebsdfoundation.org daily security run output" emails, there tends to be a package reported with a vulnerability. Right now it's "py36-urllib3-1.22,1". It seems to take a really long time before these go away. Someone in the forums suggested using synth to get the updates sooner and I tried that, but synth puts a pretty heavy load on the server.
On a regular schedule, run:
sudo freebsd-update fetch
sudo freebsd-update install
sudo reboot
sudo pkg upgrade
sudo reboot
After a minor version release, run:
sudo freebsd-update -r <next-version>-RELEASE upgrade
sudo freebsd-update install
sudo shutdown -r now
sudo freebsd-update install
sudo shutdown -r now
Subscribe to freebsd-security mailing list and maybe do one of the above updates out of schedule if there's something critical.
I have some questions:
1. Does the above plan seem reasonable?
2. Is there an easy way to get rid of one of the reboots for the regular updates?.
3. In the daily "freebsdfoundation.org daily security run output" emails, there tends to be a package reported with a vulnerability. Right now it's "py36-urllib3-1.22,1". It seems to take a really long time before these go away. Someone in the forums suggested using synth to get the updates sooner and I tried that, but synth puts a pretty heavy load on the server.