On Wed, 26 Dec 2001, Shachar Shemesh wrote:
> I don't know whether this is relevant to Shlomi's email or not, as his
> email is the first email I got since subscribing to this list.

instead of 'piggybacking' on shlomi's thread - you can start a new
thread, for the price of 0.02 IUR (Internet Unit Ration).

> I am currently trying to come to terms with the server, in order to bump
> up all sensitive services to non-vulnerable versions. I talked to Mulix
> and we decided this list is probably the best place to coordinate such
> efforts.

of course. none other. however, if some big changes are done, it's a good
idea to also announce them on linux-il. in case people encounter problems
after an upgrade - they'll have an idea it might be related and report it
this way, and not as an 'out of the blue' problem.

> Some of the things planned are SSH upgrade, login, proftpd, glibc
> update, kernel 2.2.20 (does anyone have any objections to OpenWall's
> non-executable stack patch?). I am not doing anything for the next two
> days, however, to make sure I am not stepping on anyone's toes.

regarding the kernel - the last time the kernel was upgraded, the raid
partition was wiped out, and it took us a full month to re-fill it
(perhaps even more than a month, i don't remember). i suggest you upgrade
other things, and leave the kernel alone for now. i'm in no mood to have
another mirror wipeout right now.

regarding upgrading login - is that done with an RH RPM? let's hope it
does not render the machine useless ;)

regarding ssh - last time i updated it, i compiled it from source
(together with openssl), since it seemed that there is no safe ssh RPM
from redhat for RH6.2.

> I would also like to know whether there are any requirements, such as
> the requirement that only OSes Ligad sell, regarding this server. Does
> that mean an upgrade to a newer version is out of the question?

i guess an upgrade to RH 7.X is possible - i'm just reluctant to do so -
i don't yet trust 2.4 kernels for a busy server (and iglu can get a bit
busy, with downloads from high-speed connections). i also don't see what
we gain from this, other than easier maintenance in the future - so let's
wait a while until we see 2.4.16 (or 2.4.17?) being reported as really
well behaving (all previous 2.4 kernels are broken in various aspects).
btw, there is no RPM for a newer 2.4 kernel from redhat, as far as i
know, and i prefer having an RPM-ed kernel.

also, an upgrade to 2.4 is very likely to break software raid again, and
we have no means of backing up the mirror partition. and it's not
redundant - it's the most important part of the site, and it takes
several weeks to re-synchronize it.

--
guy

"For world domination - press 1,
 or dial 0, and please hold, for the creator." -- nob o. dy
