
Re: [Sheflug] RedHat and Script Kiddies



On 20 Jan 2001 23:37:17 +0000, Barrie Bremner wrote:
> I just nipped over to RedHat.com (again) to check when all the fixes
> came out - they've got a page covering the worm.. the updates came out
> June, July and October 2000.
> 
>  It says something if sysadmins don't patch their systems for that long!

(Not having read the article (!), I presume we're talking about Ramen?)

I checked all our systems at work last week when it appeared in Security
Focus (btw, they & Linux Security had a nice analysis of the worm), and
none of our machines were vulnerable. And we run most editions of RedHat
from 4 onwards ('cept 7). The worm seems *extremely* specific - I would
guess that most boxes would be safe. 
 

>  The worm is also taking advantage of traditionally iffy servers -
> something I would have expected most people to really keep an eye out
> for updates or not run - wu-ftpd, NFS (and LPrng).

To be honest, and this is going to sound awful, but there are a number
of reasons why a lot of sysadmins won't apply these updates. Certainly,
on RedHat, the packages do not seem to have the quality you would expect
of them - I've tried upgrading some stuff with their updates, and I have
had things break on occasion. I would be worried about updating a
machine which was important and had no secondary to take over if the
update failed. Even stuff like the kernel source - I don't think I've
ever had a kernel source rpm install itself properly on a 6.1/6.2
machine. I don't know whether that's because of the mess RedHat make in
/usr/src/linux or what, but it always breaks. 

It comes down to, if it ain't broke, don't fix it. If you consider that
the amount of work you'd have to do if the box was ever 0wned would be
less than the trouble you'd take to update the box, are you necessarily
going to update it? I think a lot of sysadmins would say not.

BTW  - I'm playing devil's advocate here - all the machines at work I
take care of are updated on a regular basis. BUT, it's a hell of a lot
of work. I generally create our own rpms, and we have our own scripts
for updating machines over the network. We've just recently installed
some servers off-site for the first time, and it's all the more
important then because they're difficult for us to get to. I don't think
many others we know of go to that trouble....

Cheers,

Alex.
---------------------------------------------------------------------
Sheffield Linux User's Group - http://www.sheflug.co.uk
To unsubscribe from this list send mail to
- <sheflug-request [at] vuw.ac.nz> - with the word 
 "unsubscribe" in the body of the message. 

  GNU the choice of a complete generation.