supercell29

Upgrading OpenSSL 0.9.7e-p1 to 0.9.8i: What precautions should I take prior to upgrade? What are the procedures to upgrade?

Hello,

    I have recently been assigned the job of upgrading OpenSSL 0.9.7e-p1 to 0.9.8i on our FreeBSD 5.5 server. Apache 2.2.3 is currently running as well as Perl 5.8.8 with mod_perl2 2.000003. It looks as though the keys are self-assigned. OpenSSH version: OpenSSH_3.8.1p1 FreeBSD-20060123

    What precautions are needed prior to upgrading OpenSSL?

    Does Apache 2.2.3 need to be upgraded as well?

    Does mod_perl have to be upgraded as well?

    What commands do I need to perform to upgrade OpenSSL?

    Thank you in advance.
gheist

1) Upgrade sources using csup (which is not present in the outdated 5.x, so you should install cvsup)
http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/cvsup.html
supfile could look like this:
*default host=cvsup.freebsd.org
*default base=/usr
*default prefix=/usr
*default release=cvs delete use-rel-suffix compress
*default tag=RELENG_5

src-all
ports-all tag=RELEASE_5_EOL

2) after you are done:
pkg_add -r portupgrade
portupgrade -r portupgrade
portupgrade -Rf openssl  

You can install openssl from ports and it will be of the 0.9.8 series. Basically, a 0.9.7->0.9.8 update requires everything depending on it to be rebuilt.
Given the EOL status of 5.x, let me suggest updating (via clean reinstall) to 7.x. Once you get to 7.x or 6.x, replace ports-all tag=. to get the latest ports. Otherwise they will contain all the security holes of the last year, as is evident when you install portaudit and run portaudit -Fda


Some more commands for you, for the experts' entertainment:
pkg_info -R openssl
openssl version
uname -a
http -V
perl -V
supercell29

ASKER

Well, unfortunately the admin prior did not use ports! Not sure why, but he didn't.

Commands:

pkg_info -R openssl :  pkg_info: can't find package 'openssl' installed or in a file!

openssl version : OpenSSL 0.9.7e-p1 25 Oct 2004

uname -a : FreeBSD (fqdn) 5.5-RELEASE FreeBSD 5.5-RELEASE #0: Tue Dec 19 11:54:59 CST 2006    email @ fqdn :/usr/src/sys/i386/compile/ZXYNG01  i386

http -V : http: Command not found.

perl -V : (see attachment)

There is a lot running on this server presently: 40G MySQL database, RT ticketing, mrtg, PHP MyAdmin and NO ports! Sounds as though this won't be a very easy process! :(

Perl--V-results--engineering-.txt

gheist

Actually then it does not matter if you install some sort of Linux with all used packages included or install fresh FreeBSD.

1) that's normal
2) system's default openssl, replacing that will break ssh and leave you out for good.
3) -RELEASE means: never patched sources.
4) my misspelling - httpd -V
5) Thanks, normal perl without exotic wonders.

If you can afford 3-4 hours of downtime and somebody to look over your shoulder (like Windows admin) reinstall is easy:
0) choose system: ubuntu server or opensuse or mandriva or freebsd
1) create some tar backup of unique data.
2) use g4u to transfer disk image to FTP server
3) Install recent OS in minimalistic configuration
4) Install packages you know and restore data from copies (1)
5) if (4) fails - use loop mount over NFS or SMB and copy files over from old system
6) If hopeless after planned time - restore (2)

Or alternatively bring apps one by one to new server with maintainable OS...
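
Both warnings above (everything depending on OpenSSL must be rebuilt, and replacing the system's default copy breaks ssh) call for an inventory before anything is touched, and pkg_info -R has nothing to report on this host. The script below is an added example, not code from either poster: it builds that inventory from ldd output. The function names, the base/other path classification and the sample ldd output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): list binaries linked against OpenSSL.

# Parse ldd output on stdin; print: binary, soname, resolved path, origin.
# origin: "base"    = /lib or /usr/lib (assumed to be the base-system copy),
#         "other"   = any other prefix,
#         "missing" = the soname no longer resolves (binary needs a rebuild).
openssl_dependents() {
    awk '
        /:$/ { bin = substr($0, 1, length($0) - 1); next }   # "file:" header
        $1 ~ /^lib(ssl|crypto)\.so/ && $2 == "=>" {
            path = ($3 == "not") ? "NOT-FOUND" : $3
            if (path == "NOT-FOUND")              origin = "missing"
            else if (path ~ /^\/(usr\/)?lib\//)   origin = "base"
            else                                  origin = "other"
            printf "%s\t%s\t%s\t%s\n", bin, $1, path, origin
        }'
}

# Run ldd over every executable file in the given directories.
# The "file:" header is printed here because ldd implementations differ on it.
scan_dirs() {
    for d in "$@"; do
        for f in "$d"/*; do
            [ -f "$f" ] && [ -x "$f" ] || continue
            printf '%s:\n' "$f"
            ldd "$f" 2>/dev/null | grep '=>' || true
        done
    done | openssl_dependents
}

# Constructed ldd output for illustration; paths and sonames are hypothetical.
sample_ldd() {
    cat <<'EOF'
/usr/sbin/sshd:
    libcrypto.so.3 => /lib/libcrypto.so.3 (0x28100000)
    libc.so.5 => /lib/libc.so.5 (0x28200000)
/usr/local/apache2/bin/httpd:
    libssl.so.3 => /usr/lib/libssl.so.3 (0x28150000)
    libcrypto.so.3 => /lib/libcrypto.so.3 (0x28180000)
/usr/local/bin/example-tool:
    libssl.so.5 => not found
EOF
}

# With directory arguments, scan them; without arguments, nothing runs.
if [ "$#" -gt 0 ]; then scan_dirs "$@"; fi
```

Statically linked copies of OpenSSL do not appear in ldd output, so an empty result for a binary is not proof that it is unaffected. Running the scan again after the upgrade shows any binary still bound to the old library or left with a "missing" soname.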

supercell29

ASKER

So g4u "ghosts" any OS including FreeBSD?

httpd -V gives the same result:

httpd -V httpd: Command not found.

I will have to test g4u on a test server before trying this on a live ticketing system.

Thanks!

gheist

You have to test your FTP server with files >4GB

I just wanted to know if apache is "worker" or "prefork" type

supercell29

ASKER

Is there any other way of checking this?

I will check my FTP for files >4GB.

Thank you.