[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Alternatives to CVSUP for Security Updates and Errata

In the last episode (Aug 26), Kenneth A. Bond said:
> I currently manage several FreeBSD 4.9 and 4.10 servers that serve as
> high volume web servers to several of our employees worldwide.
> As you can imagine, in firm the size of ours, various teams are
> reponsible for various aspects of our technology infrastructure. With
> that said, I have requested to have our security team create a policy
> that will allow traffic to and from my servers via port 5999 for
> CVSup, so that I could synch my source.
> My request has been flatly refused, due to the fact that FreeBSD is
> not a firm-standard operating system. The security team will not open
> up the firewalls for this purpose. CVSup is not an option.

You don't need to allow incoming connections to port 5999; cvsup by
default will multiplex traffic over the one outgoing connection.  You
can also connect through a SOCKS proxy server (but not an HTTP proxy)
if your company has one.  If your firewall blocks all outgoing TCP
connects, then you are probably stuck.

	Dan Nelson

Visit your host, monkey.org