29th November 2008
mdh
Real Name: Matt D. Harris

Achieving actual 0 maintenance is not easy, but basically I suppose you'll want to start by looking into some really good shell/perl scripts that run out of crontab to do certain things. Such things might include updating ports for security fixes, or even updating the base system. Still, doing it without any admin interaction will likely, at some point, break, and you'll need to come back from vacation to fix it. It may last a month, it may last 10 years, but eventually something big will change to the point that you just need to do something manually.

Logging is easy, and the tools exist to deal with log files (newsyslog, etc).

Security in this sense is going to mean Doing It Right at the beginning, and applying security fixes as they become available. This means automating upgrades, and that's the most likely thing to eventually break down on you, i.e. if a port name changes, or something about config locations changes in the port, or whatnot.

Self-service stuff can be achieved by using any number of free or commercial products out there, though I'm not personally familiar with any of them.

Self-checking is likewise not a terribly difficult task - Nagios on a monitoring server can accomplish this with some scripting, as can cron jobs. Again, coding will likely be required, even if just something simple like Perl.

That was the long answer. It's peppered with stuff like "you'll eventually need to DO something." That leads into the short answer, which is basically that you cannot do what you want without sacrificing security. Programs have bugs. Updating them will eventually require human interaction. Not updating them will lead to sacrificing security.
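The post's two points, that unattended upgrades eventually break and that cron or Nagios can self-check, combine into one pattern, sketched here as an added example that is not part of the original post: the cron job records a timestamp only when the update succeeds, and a separate check reports how stale that timestamp is using the standard Nagios plugin exit codes (0 OK, 1 WARNING, 2 CRITICAL, 3 UNKNOWN). The stamp path, the thresholds, and the update command passed to `run` are assumptions.

```shell
#!/bin/sh
# Added example: cron wrapper plus Nagios-style freshness check.
# STAMP path and day thresholds are assumptions, not from the post.
STAMP="${STAMP:-/var/db/auto-update.last-ok}"

# run_update CMD [ARGS...]
# Runs the given update command; writes the epoch time to $STAMP only on
# success, so a silently failing job shows up as a stale stamp.
run_update() {
    if "$@"; then
        date +%s > "$STAMP.tmp" && mv "$STAMP.tmp" "$STAMP"
    else
        rc=$?
        echo "update failed (exit $rc): $*" >&2
        return "$rc"
    fi
}

# check_update_age WARN_DAYS CRIT_DAYS [NOW_EPOCH]
# Prints one status line and returns a Nagios plugin exit code.
check_update_age() {
    warn=$1
    crit=$2
    now=${3:-$(date +%s)}
    if [ ! -r "$STAMP" ]; then
        echo "UNKNOWN: no successful update recorded"; return 3
    fi
    last=$(cat "$STAMP")
    case $last in
        ''|*[!0-9]*) echo "UNKNOWN: corrupt stamp file"; return 3 ;;
    esac
    age=$(( (now - last) / 86400 ))
    if [ "$age" -ge "$crit" ]; then
        echo "CRITICAL: last good update $age days ago"; return 2
    elif [ "$age" -ge "$warn" ]; then
        echo "WARNING: last good update $age days ago"; return 1
    fi
    echo "OK: last good update $age days ago"; return 0
}

# cron:   script.sh run /path/to/update-job   (hypothetical job path)
# nagios: script.sh check 2 7
case ${1:-} in
    run)   shift; run_update "$@" ;;
    check) check_update_age "${2:-2}" "${3:-7}" ;;
esac
```

A failed run leaves the previous stamp untouched, so the check keeps counting from the last update that actually worked.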