FreeBSD Upgrade and Little Hardening

Some days ago I had to update a FreeBSD 7.0 server that was acting as a FAMP (FreeBSD/Apache/MySQL/PHP) server, and it was full of vulnerable packages/software according to what Portaudit said. So I had to update all the software installed on the server with the minimum downtime possible. If you have experience with FreeBSD you should know the time it takes to install any software, particularly the big ones like MySQL Server, and I had to do it for +100 packages that were old. So instead of using the magical “make install clean-depends” or plain “make install” (well, actually for the update of software packages you have to do “make install”, “make deinstall”, “make reinstall”, but you already know that, right?) I used an excellent tool called PortManager.

What is PortManager?

FreeBSD port collection management. Update your ports easily. Great
for users of KDE or GNOME who need to be concerned about how
dependency ports are built.

More information available at http://cvsweb.freebsd.org/ports/ports-mgmt/portmanager

Requirements to use PortManager:

You need to have an updated ports tree. To learn how to update it, check this guide: http://www.freebsd.org/doc/en_US.ISO8859-1/books/handbook/updating-upgrading-portsnap.html

How to install PortManager?

# cd /usr/ports/ports-mgmt/portmanager
# make install clean-depends

How to use PortManager?

# portmanager -u

This will upgrade all your old installed packages.

How can I update a specific package/port?

# portmanager www/apache22 -l -u -f

(This command will update your Apache 2.2.x server and all the dependencies)

How can I see the status of my installed packages?

# portmanager -s

So after a couple of hours the server was running stable software without any known vulnerability. I had some issues with some PHP modules that I don’t recall now (I have to take notes of my troubleshooting tasks so I don’t work on the same issue twice, but well, I like to trip over the same stone over and over again, hahaha).

Checking if the installed software on your server has any known vulnerability:

# cd /usr/ports/ports-mgmt/portaudit
# make install clean-depends
# portaudit -Fda

Portaudit should now download a new vulnerability database daily, run the check, and report the results by e-mail to the root user or to the address you forward root's mail to.
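
An added example (not part of the original post): a small sh script that condenses `portaudit -a` output into a per-package count, so you can see which ports to hand to portmanager first and confirm afterwards that nothing is still flagged. It assumes each finding starts with an "Affected package: name-version" line; the function names and the sample report are constructed for illustration.

```shell
#!/bin/sh
# Added example: summarise `portaudit -a` output per package.
# Assumption: every finding begins with "Affected package: <name>-<version>".

# Constructed sample report (not taken from a real server).
sample_report() {
cat <<'EOF'
Affected package: apache-2.2.8
Type of problem: apache -- constructed sample issue A.
Reference: <http://example.invalid/advisory-a.html>

Affected package: apache-2.2.8
Type of problem: apache -- constructed sample issue B.
Reference: <http://example.invalid/advisory-b.html>

Affected package: php5-5.2.5
Type of problem: php5 -- constructed sample issue C.
Reference: <http://example.invalid/advisory-c.html>

3 problem(s) in your installed packages found.
EOF
}

# Read a report on stdin and print "<findings> <package>" for each
# affected package, the one with the most findings first.
summarise_audit() {
    awk '/^Affected package: / { n[$3]++ }
         END { for (p in n) print n[p], p }' | sort -k1,1nr -k2,2
}

# Return 0 when the report on stdin lists no affected package, 1 otherwise,
# so the check can gate a cron job or a post-upgrade step.
audit_is_clean() {
    ! grep -q '^Affected package: '
}

# Demo on the constructed report; on a real host use:
#   portaudit -a | summarise_audit
sample_report | summarise_audit
```

After an upgrade run, `portaudit -a | audit_is_clean` returning non-zero means at least one installed package is still listed in the vulnerability database.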

I hope this small guide helps you keep your server updated and with as few vulnerabilities as possible.

Take care!