Comments on: Installing daemontools service supervisor on FreeBSD 7.0 http://my.galagzee.com/2008/06/30/installing-daemontools-service-supervisor-on-freebsd-70/ Tech in a Galagzee, Not So Far Away. Tue, 27 Jul 2010 20:02:53 +0000 hourly 1 http://wordpress.org/?v=3.0 By: Bert-Jan http://my.galagzee.com/2008/06/30/installing-daemontools-service-supervisor-on-freebsd-70/comment-page-1/#comment-14761 Bert-Jan Wed, 18 Nov 2009 10:04:23 +0000 http://my.galagzee.com/?p=78#comment-14761 Just a quick note about all of the rebooting you describe here: it's really never needed. I've just installed daemontools from ports, created /var/service and configured a service in there, and just ran /usr/local/etc/rc.d/svscan.sh start (the same thing that happens when you put svscan_enable="YES" in /etc/rc.conf and reboot). Everything works fine, no rebooting required. Just a quick note about all of the rebooting you describe here: it’s really never needed.
I’ve just installed daemontools from ports, created /var/service and configured a service in there, and just ran /usr/local/etc/rc.d/svscan.sh start (the same thing that happens when you put svscan_enable=”YES” in /etc/rc.conf and reboot). Everything works fine, no rebooting required.

]]> By: Ville Walveranta http://my.galagzee.com/2008/06/30/installing-daemontools-service-supervisor-on-freebsd-70/comment-page-1/#comment-924 Ville Walveranta Wed, 20 Aug 2008 23:47:55 +0000 http://my.galagzee.com/?p=78#comment-924 Like with qmail, it bothers me with djbdns that it hasn't been updated by its maintainer since 2001 (v1.05). Of DJ Bernstein's software I still use daemontools, ucspi-tcp and - in production perhaps a month or two longer - qmail. Like with mail with DNS new threats and exploits spring up frequently. DJ Bernstein prides himself with having written programs without security vulnerabilities, but his track-record for making updates is so bad that *when* an exploit comes up, I don't want to be using his software for any critical functionality since he will be unlikely to fix it. I personally like BIND since it's maintained by an organization that can quickly react to issues such as the recent DNS security issues that were rapidly patched by the ISC. Like with qmail, it bothers me with djbdns that it hasn’t been updated by its maintainer since 2001 (v1.05). Of DJ Bernstein’s software I still use daemontools, ucspi-tcp and – in production perhaps a month or two longer – qmail.

Like with mail with DNS new threats and exploits spring up frequently. DJ Bernstein prides himself with having written programs without security vulnerabilities, but his track-record for making updates is so bad that *when* an exploit comes up, I don’t want to be using his software for any critical functionality since he will be unlikely to fix it.

I personally like BIND since it’s maintained by an organization that can quickly react to issues such as the recent DNS security issues that were rapidly patched by the ISC.

]]> By: DrTebi http://my.galagzee.com/2008/06/30/installing-daemontools-service-supervisor-on-freebsd-70/comment-page-1/#comment-911 DrTebi Tue, 19 Aug 2008 11:16:19 +0000 http://my.galagzee.com/?p=78#comment-911 Thank you for this post. I usually install djbdns from /usr/ports/dns/djbdns, which will install the daemontools, DNS tools, and ucspi-tcp all-together. The port will also allow you to choose to also install the man pages for all these packages, and it creates svscan.sh for you. It's great to run supervise together with the tcpserver program, which allows you to further protect services like e.g. sshd. I then disable sshd in /etc/rc.conf, and setup sshd to run with tcpserver and svscan. It works great, I have done it for yeas. It's very important to note that you should always double-triple check all your files before rebooting, because you may end up locking yourself out of the machine if e.g. sshd doesn't come back up after rebooting! This can be a hassle if your machine is a remote host... DrTebi Thank you for this post.

I usually install djbdns from /usr/ports/dns/djbdns, which will install the daemontools, DNS tools, and ucspi-tcp all-together. The port will also allow you to choose to also install the man pages for all these packages, and it creates svscan.sh for you.

It’s great to run supervise together with the tcpserver program, which allows you to further protect services like e.g. sshd.

I then disable sshd in /etc/rc.conf, and setup sshd to run with tcpserver and svscan. It works great, I have done it for yeas.

It’s very important to note that you should always double-triple check all your files before rebooting, because you may end up locking yourself out of the machine if e.g. sshd doesn’t come back up after rebooting! This can be a hassle if your machine is a remote host…

DrTebi

]]>