[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Alternatives to CVSUP for Security Updates and Errata



In the last episode (Aug 26), Kenneth A. Bond said:
> I currently manage several FreeBSD 4.9 and 4.10 servers that serve as
> high volume web servers to several of our employees worldwide.
>  
> As you can imagine, in firm the size of ours, various teams are
> reponsible for various aspects of our technology infrastructure. With
> that said, I have requested to have our security team create a policy
> that will allow traffic to and from my servers via port 5999 for
> CVSup, so that I could synch my source.
>  
> My request has been flatly refused, due to the fact that FreeBSD is
> not a firm-standard operating system. The security team will not open
> up the firewalls for this purpose. CVSup is not an option.

You don't need to allow incoming connections to port 5999; cvsup by
default will multiplex traffic over the one outgoing connection.  You
can also connect through a SOCKS proxy server (but not an HTTP proxy)
if your company has one.  If your firewall blocks all outgoing TCP
connects, then you are probably stuck.

-- 
	Dan Nelson
	dnelson_(_at_)_allantgroup_(_dot_)_com