[LINK] Security of old RedHat systems
Glen Turner
glen.turner at aarnet.edu.au
Mon Dec 13 10:17:56 EST 2004
Robin Whittle wrote:
> I don't recall seeing any packages I thought I was running on these
> machines which had serious security flaws.
CVS, mailman, PHP, CUPS, Gaim, kernel, Tripwire, Apache :-)
> (I am not concerned about protecting the machine from local users, since
> I am the local user.)
Then you should be. The experience at US DoE is that automated
scripts penetrate machines and then wait for a local exploit to
gain root access (and then install a root kit, etc).
This is of particular heart-ache to me as it means that people
running a Web100 patched kernel need to revert to the vendor
kernel until I can get a new patched Web100 kernel out there.
So we have holes in our Web100 stats; holes which unfortunately
co-incide with periods of "interesting" network activity.
> Have I been lucky?
Maybe. Or maybe you just can't tell. For an answer boot off CD and run
chkrootkit.
> Or maybe these systems - or the subset of them I have installed - have
> had most of their security vulnerabilities found already.
That's a false kind of statistic. It only takes one unpatched
vulnerability to lose the box. So you don't care if 99.999%
of known faults have been previously patched. It's the one
unpatched fault someone used to get into your box that causes
the hassle.
> I don't believe hackers would be uninterested in finding
> vulnerabilities, since I think there are a huge number of servers
> running RH 7.2, 7.3 and 9.0.
Yes. I do wish Red Hat would decide upon the last day of maintenance
during manufacture and shut down the box when that day arrives. If
someone undertakes to manually maintain the machine then they could
always un-install that RPM, similarly projects like Fedora Legacy
could simply extend the date.
Anyway, you need to look at the Fedora Legacy project. Install
yum, point to the Fedora Core repository and run "yum update".
Alternatively, there are some nice re-packagings of RHEL, such as
CentOS or Whitebox. Or you can go the Fedora Core route (and FC3
is a nice bit of work).
Cheers,
Glen
--
Glen Turner Tel: (08) 8303 3936 or +61 8 8303 3936
Australia's Academic & Research Network www.aarnet.edu.au