Travis Rousseau wrote:
It was a exploit in cups (we got hit the same day the first update was released for fc3) it caused a dos every time we brought backup the computer tried to download the update we got a descrepency if we put it back online it would get the dos we had to wait 2 days till the descrepency was fixed.2 days? You must have been using a mirror that's having problems.
Why would your server be down? The dependency problems prevent you from updating, they should not bring your system down. Your server can still run on the older packages. In most cases, the updates are release long before a viable exploit is written. If you need them faster you can always patch the packages yourself. Or use a temporary fix.
I know there was an exploit for the recent PHP bug came out about as soon as it was announced but the exploit required bugs in both the application (like phpBB) and PHP. The patch for phpBB was released pretty much right away and as long as you applied it you were safe.
Yeah I remember that dependency problem. Did you try looking for the required package in testing?
I am sorry to hear that but you do realize you shouldn't be running a cups server straight on the net like that. If you were running a cups server on your private network it would be trival to block any Dos attacks coming in on that/those port(s). Even if you do have the machine on the net, you could easily just boot up without cupsd running or set your iptables to drop packets from anyone not authorized to print on that machine. Any of these solutions could be implemented in 10-20 minutes so 2 days of downtime is really not required.
I am not really defending Fedora here, they definitely have a few wrinkles to workout in their release mechanism but they really hasn't been that many problems.
BTW if your server is that important that it can't be down for an extended period of time you need to add some redundancy. What happens if you get a CPU fan failure on a Saturday evening?
_______________________________________________ clug-talk mailing list [email protected] http://clug.ca/mailman/listinfo/clug-talk_clug.ca Mailing List Guidelines (http://clug.ca/ml_guidelines.php) **Please remove these lines when replying
