FreeBSD Applying Security Updates Using pkg/freebsd-update

I am a new FreeBSD developer and user. I have root access to my VM running in AWS cloud. How do I update packages and apply security upgrades on FreeBSD? What is the procedure for applying security updates on FreeBSD?

FreeBSD follows the concept of a base system and packages. One can apply security updates to the base system using freebsd-update command. You need to use the pkg command to upgrade FreeBSD packages. Let us see step-by-step instructions for implementing security updates polices for your FreeBSD server or desktop system.

ADVERTISEMENTS

FreeBSD Applying Security Updates

The procedure is as follows:

  1. First, login from an ordinary user to the root user using the sudo command or su command
  2. Capture a list of currently installed FreeBSD software, run: pkg list > file
  3. Apply all base OS security updates to your system, run: freebsd-update fetch install
  4. Install FreeBSD package security upgrades too, type: pkg update && pkg upgrade
  5. Reboot the FreeBSD machine to apply kernel updates, run: reboot<

Let us see all commands and examples in details.

Save software list

Login as the root user:
$ su -
OR
$ sudo -i
Note down the FreeBSD version and patch level, run:
# freebsd-version
Outputs:

12.0-RELEASE-p1

Type the following command to show information about installed packages and save in a file called /root/pre-pkg-update-YYYYMMDD format:
# pkg info > /root/pre-pkg-update-`date +%Y%m%d`
OR bash/sh user can type the following command:
# pkg info > /root/pre-pkg-update-`date +%Y%m%d`
Use the cat command or less command to view the file:
# ls -l /root/pre-pkg-update-*
# cat /root/pre-pkg-update-`date +%Y%m%d`
# less /root/pre-pkg-update-`date +%Y%m%d`

FreeBSD capture a list of currently installed software

Fetch FreeBSD base OS updates from server

Simply run:
# freebsd-update fetch
Sample outputs:

src component not installed, skipped
Looking up update.FreeBSD.org mirrors... 3 mirrors found.
Fetching metadata signature for 12.0-RELEASE from update2.freebsd.org... done.
Fetching metadata index... done.
Inspecting system... done.
Preparing to download files... done.
Preparing to download files... done.

The following files will be updated as part of updating to 12.0-RELEASE-p1:
/boot/kernel/aac.ko
/boot/kernel/aacraid.ko
/boot/kernel/aesni.ko
/boot/kernel/alq.ko
....
..
...

Install downloaded updates on FreeBSD machine

Next you will apply all outstanding base OS security upgades to your system, run:
# freebsd-update install
Sample outputs:

Installing updates...done

How to see reports about vulnerable software packages

Execute the following command:
# pkg audit -F
See a list of vulnerable packages, run:
# pkg audit

Backup package database

You can dump the local package database to a file specified on the command-line:
# pkg backup -d pkg-db-`date +%Y%m%d`
Sample outputs:

Dumping database:
Backing up: 100%

By default the package database stored in /var/db/pkg/ directory:
ls -l /var/db/pkg/pkg-db-*
Dump and save FreeBSD package database for backup purposes
One can use /var/db/pkg/pkg-db-* file in order to restore the local package database. Very useful in case of a database crash or loss, to restore your database from a previous backup using the following syntax:
# pkg backup -r pkg-db-20190912

Update all FreeBSD packages database

Type:
# pkg update

Apply all outstanding packages security upgades

Run:
# pkg upgrade
FreeBSD Applying Security Updates Using pkg command line

How to reboot the FreeBSD system

Simply run:
# reboot
OR
# shutdown -r now
After rebooting the machine verify FreeBSD version, run:
# freebsd-version
Sample outputs:

12.0-RELEASE-p10

Conclusion

This page explained how to upgade your production FreeBSD machine using various commands for applying security updates. See man pages here and here.

This entry is 2 of 6 in the How to keep your Linux system up-to-date Tutorial series. Keep reading the rest of the series:
  1. RHEL 8 update installed packages for security
  2. FreeBSD Applying Security Updates Using pkg/freebsd-update
  3. Amazon Linux AMI update installed packages for security
  4. SUSE 15 update installed packages for security
  5. CentOS 8 update installed packages for security
  6. Ubuntu 20.04 LTS update installed packages for security
🐧 Get the latest tutorials on SysAdmin, Linux/Unix, Open Source/DevOps topics:
CategoryList of Unix and Linux commands
File Managementcat
FirewallAlpine Awall CentOS 8 OpenSUSE RHEL 8 Ubuntu 16.04 Ubuntu 18.04 Ubuntu 20.04
Network Utilitiesdig host ip nmap
OpenVPNCentOS 7 CentOS 8 Debian 10 Debian 8/9 Ubuntu 18.04 Ubuntu 20.04
Package Managerapk apt
Processes Managementbg chroot cron disown fg jobs killall kill pidof pstree pwdx time
Searchinggrep whereis which
User Informationgroups id lastcomm last lid/libuser-lid logname members users whoami who w
WireGuard VPNAlpine CentOS 8 Debian 10 Firewall Ubuntu 20.04

ADVERTISEMENTS

Comments on this entry are closed.

Use HTML <pre>...</pre>, <code>...</code> and <kbd>...</kbd> for code samples.