DaemonForums  

Go Back   DaemonForums > FreeBSD > FreeBSD Security

FreeBSD Security Securing FreeBSD.

Reply
 
Thread Tools Display Modes
  #1   (View Single Post)  
Old 22nd July 2008
andrewk andrewk is offline
New User
 
Join Date: Jul 2008
Posts: 1
Default Help secure old BIND on FreeBSD 5.4

Hey everyone,

With Kaminsky's annoucement of the bind vulnerability, I am struggling to patch all of my companies boxes. I found 2 freebsd 5.4 boxes with bind 8 that I have no idea how to update.

Can someone please help by walking me through the steps of getting a secure version of bind up on freeBSD 5.4?


Thanks!
Reply With Quote
  #2   (View Single Post)  
Old 22nd July 2008
Carpetsmoker's Avatar
Carpetsmoker Carpetsmoker is offline
Real Name: Martin
Tcpdump Spy
 
Join Date: Apr 2008
Location: Netherlands
Posts: 2,243
Default

You can install bind from ports:
dns/bind94

Or, even better, consider upgrading to FreeBSD 6 or 7, FreeBSD 5 is no longer supported.
__________________
UNIX was not designed to stop you from doing stupid things, because that would also stop you from doing clever things.
Reply With Quote
  #3   (View Single Post)  
Old 22nd July 2008
dk_netsvil dk_netsvil is offline
Real Name: Devon
Fdisk Soldier
 
Join Date: May 2008
Location: New York
Posts: 75
Default

We checked the ISC BIND site and upgraded to the newest release which resolved this issue for us.

I compiled this manually, but installing from ports should be fine.

I think that you should probably get a test box with FreeBSD 7.0-STABLE installed and install the most up-to-date version of BIND on there. Migrate a couple zonefiles over there and verify it's functioning properly. Recently I went through a round of upgrades to bring all our FreeBSD servers up to a minimum of 6.3 and I am sympathetic to anyone facing something similar. I used that opportunity to define an upgrade plan for those systems which historically had been left to their own devices.

I was upgrading from 9.3, so I didn't see any unusual errors and there wasn't any service disruption. However, upgrading from 8 you might need to change the location of named in your rc.conf. I think that those earlier versions installed named in /usr/sbin and not /usr/local/sbin.
Reply With Quote
Reply

Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Similar Threads
Thread Thread Starter Forum Replies Last Post
how to secure my ftp? milo974 OpenBSD Security 3 4th August 2009 03:47 PM
Bind-9.5 Petrocelli08 FreeBSD Ports and Packages 6 29th January 2009 12:03 AM
Is this secure? Ungenious OpenBSD Security 4 30th November 2008 02:27 AM
squid bind problem samile Other BSD and UNIX/UNIX-like 0 11th July 2008 02:13 PM
BIND as secondary for Windows DNS? cwhitmore FreeBSD Installation and Upgrading 7 16th May 2008 01:13 PM


All times are GMT. The time now is 02:04 AM.


Powered by vBulletin® Version 3.8.4
Copyright ©2000 - 2024, Jelsoft Enterprises Ltd.
Content copyright © 2007-2010, the authors
Daemon image copyright ©1988, Marshall Kirk McKusick