Intro: Keep Your FreeBSD System Up-to-date
To keep your system working smoothly, OS manufacturers release patches and upgrades on a regular basis. The FreeBSD OS is no different; its benefactor, the FreeBSD Foundation ensures that OS updates are on a regular, scheduled basis. Additional installed software also may require updates to ensure smooth running code. These ports and packages are maintained in central repository to ensure easy dissemination to the widest audience.
What does this mean for you? A very easy and rapid way to keep your system up-to-date and in tip-top shape!
Step 1: Verify a Few Things.
Know which version of FreeBSD you are running. For this example, I am running FreeBSD 10.1 (as of this writing, this is the most current version). So I can expect only minor updates to the 10.1 code. If you were running 8.x or 9x, you would have to make minor OS updates (e.g. 9.1 to 9.2 or 8.2. to 8.3), before a major version update (e.g. 8.x to 9.x)
Ensure you have a steady internet connection. Updates are downloaded from the 'net, so if your connection is spotty, the software will Time-Out, and you will have to accomplish the updates at a later time.
Step 2: Update OS Files With Freebsd-update
freebsd-update is a great tool. It can do many things to keep your OS running smoothly; updating your current OS, upgrading to the next minor/major versions, rolling-back to a "good" working version. For this task, we will just be getting minor OS updates and installing them.
Ensure you are running as superuser ("root") on your system:
Lines of code will verify which version you are running, and download the applicable updates. If updates were downloaded, once the command returns to the prompt, type in:
Minor OS versions do not require a system reboot to install.
If no updates are required, the command response will tell you.
Step 3: Keep Ports Tree Updated
The Ports Collection is a set of Makefiles, patches and descriptive texts stored in /usr/ports. Keeping the Ports Tree up-to-date is vital to keeping your installed code base current.
portsnap fetch update
Any downloaded updates will be automatically extracted and included in your current Ports Tree.
Step 4: See What Pkg Versions Are Installed
After you have installed software, it is critical to know when a newer version is available. The pkg tool allows you to compare the version installed to your Ports Tree (which, after running Step 3., should be up-to-date!).
For FreeBSD version 10.x, type in:
pkg version -l "<"
Note: The option is a lowercase L ("ell"), not a numerical 1.
For FreeBSD version 9.x and below, type in:
pkg_version -l "<"
The "less than" sign tells the utility to find and identify installed software versions that are "less current" than the ports tree.
The provided list will give you an idea how many installed programs are out-of-date.
Step 5: Upgrade Installed Programs
Once you've determined how many and which packages are out-of-date, type in:
This will compare versions of installed packages to the versions in the ports tree, and provide you a list of which ones can be updated.
Note: the output is similar to the previous step; however, this step allows you to actually download the upgrades. The previous step, pkg version, just provided information on what can be updated.
Step 6: Run an Audit on Installed Programs
The final step is to check to see a list of known vulnerabilities in your installed packages.
pkg audit -F
This will check installed packages against listed security advisories.
Step 7: Create a Shell Script to Run Periodically (optional)
You can run these commands in any order at any time; however, it is best to run them on a frequent basis in a shell script.
The attached file (update.txt) is a BASH Shell Script, executing the commands, while updating a specified log file (/var/log/FreeBSD-update.log)
- Save the file, and renamed extension to ".sh"
- Make the file executable (chmod 700 ./update.sh)
- Run the command (sh ./update.sh)
Feel free to modify the script to your liking - it was modified from a similar script from MeBSD.com