Simple Script for Keeping FreeBSD Up to Date

It can’t be stressed enough how important it is to keep your server and ports/packages up to date, and we all know it’s something we should do. But with the lack of standard tools to help you do this in FreeBSD it can seem a daunting task, so I would like to share this simple script with you. It first makes sure you have the latest binary patch from FreeBSD, then updates the ports tree and upgrades any outdated ports, including their dependencies. Finally, it fetches the latest portaudit database and checks your installed packages for known vulnerabilities. The output is also duplicated to a log file if you need it.

First make sure you have the following installed:

  • freebsd-update (this is installed as default)
  • portsnap (should also be installed as default)
  • portupgrade (/usr/ports/ports-mgmt/portupgrade)
  • portaudit (/usr/ports/ports-mgmt/portaudit)

Now you have everything you need to update your server. This shell script will also create a backup of the old port in case anything should go wrong. See man 1 portupgrade for more information on backing up packages.

One other thing worth mentioning is that portupgrade expects your packages to be fairly conflict free and tidy. Although this script will help keep your pkgdb that way, you may find that you sometimes need to intervene manually to fix conflicts. You do this with this command:

# pkgdb -F

Now for the actual shell script:

#!/bin/sh

LOG_FILE="/var/log/freebsd-update.log"

# The first tee truncates the log for this run; every later tee uses -a
# so that each step is appended instead of overwriting the previous one.
echo "Starting updates: $(date)" | tee "${LOG_FILE}"
echo "***"
echo "*** Checking for FreeBSD patches..."
echo "***"
/usr/sbin/freebsd-update fetch | tee -a "${LOG_FILE}"
/usr/sbin/freebsd-update install | tee -a "${LOG_FILE}"

echo "***"
echo "*** Updating ports tree..."
echo "***"
/usr/sbin/portsnap fetch update | tee -a "${LOG_FILE}"

echo "***"
echo "*** Checking pkgdb..."
echo "***"
/usr/local/sbin/pkgdb -aFv | tee -a "${LOG_FILE}"

echo "***"
echo "*** Looking for ports to update..."
echo "***"
# List outdated ports, upgrade them (keeping backups), then list the result.
/usr/local/sbin/portversion -v -l '<' | tee -a "${LOG_FILE}"
/usr/local/sbin/portupgrade -aRrbv --batch | tee -a "${LOG_FILE}"
/usr/local/sbin/portversion -v | tee -a "${LOG_FILE}"

echo "***"
echo "*** Checking installed ports for known security problems..."
echo "***"
/usr/local/sbin/portaudit -Fva | tee -a "${LOG_FILE}"
echo "Finished updates: $(date)" | tee -a "${LOG_FILE}"
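
A pipeline such as `freebsd-update fetch | tee ...` returns tee's exit status, so the script cannot tell when an update step exited non-zero. The following is an added example, not part of the original script, that logs each step and keeps its real exit status; `run_logged` and `run_steps` are hypothetical helper names introduced here.

```sh
#!/bin/sh
# Added example, not the original script. run_logged and run_steps are
# hypothetical helpers introduced for this illustration.

# run_logged LOG CMD [ARGS...]
# Run CMD, copy stdout and stderr to the terminal and append them to LOG,
# then return CMD's own exit status (a plain "cmd | tee" returns tee's).
run_logged() {
    _log=$1; shift
    _st=$(mktemp /tmp/run_logged.XXXXXX) || return 1
    { _rc=0; "$@" 2>&1 || _rc=$?; echo "$_rc" > "$_st"; } | tee -a "$_log"
    _rc=$(cat "$_st"); rm -f "$_st"
    return "${_rc:-1}"
}

# run_steps LOG STEP...
# Each STEP is one command line. Every step runs even if an earlier one
# exited non-zero; the return value is the number of steps that did.
run_steps() {
    _steps_log=$1; shift
    _failed=0
    for _step in "$@"; do
        echo "*** $_step" | tee -a "$_steps_log"
        if ! run_logged "$_steps_log" sh -c "$_step"; then
            echo "!!! non-zero exit: $_step" | tee -a "$_steps_log"
            _failed=$((_failed + 1))
        fi
    done
    return "$_failed"
}

# Pass --run to execute the main update steps from the script above.
if [ "${1:-}" = "--run" ]; then
    LOG_FILE="/var/log/freebsd-update.log"
    echo "Starting updates: $(date)" | tee "$LOG_FILE"   # truncate once
    run_steps "$LOG_FILE" \
        "/usr/sbin/freebsd-update fetch" \
        "/usr/sbin/freebsd-update install" \
        "/usr/sbin/portsnap fetch update" \
        "/usr/local/sbin/pkgdb -aFv" \
        "/usr/local/sbin/portupgrade -aRrbv --batch" \
        "/usr/local/sbin/portaudit -Fva"
    failed=$?
    echo "Finished updates: $(date), non-zero steps: $failed" | tee -a "$LOG_FILE"
    exit "$failed"
fi
```

A non-zero exit is not an error for every tool, so check each tool's man page before alerting on the count.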

If you have any comments, or ideas for other ways to keep FreeBSD up to date, please feel free to post them here.