I lucked in with this one from ‘looking good to the clients’ point of view.

I use logwatch and a couple of home-grown scripts to email me a bunch of info from all the servers I look after for my own clients, and was up at 4am this morning because I couldn’t sleep and decided to skim the emails. End result: I had an email in all my customers’ email inboxes this morning at 5am saying I’d checked and patched their servers where required, and they needn’t worry about the media coverage of the problem. I rock. :-)

Totally agreed on cpanel and its friends. The worst thing is firms install those tools on AWS or similar cloud servers, and because cpanel has a ‘secure’ smell of some sort to non-command-line-savvy folks they think they’ve done their job.

I’ve just taken over a poorly implemented set of linode servers running ISPconfig and I’m going to have to chuck it out I think as someone has replicated binaries and configs between different versions/distros of Linux over quite a period of time and it’s become hosting soup! :-)

Have you ever had a server hand-grenaded by cron-apt/yum-cron? I got bitten a few years ago using a home-brew auto-apt update which installed a breaking regression and have used a cron job that apt-get update && apt-get -s upgrade > mailx instead now…

Cheers, Chris H.

On 25/09/2014, at 5:00 pm, Steve Holdoway <[email protected]> wrote:

> So bash is shellshocked
> hey you apache users
> get it patched right now
>
> Unfortunately those devs who think they can make sites production ready
> through dashboards like cPanel and Plesk ( not singling them out, just
> using common ones as examples! ) can easily set stuff up with cgi
> without knowing.
>
> Hardcore nginx / fastcgi junkies on the command line shouldn't really be
> affected. I just wrote a script to go round and update my clients as the
> press had put the wind up a few of them.
>
> TBH for the hands-off ones I install yum-cron / cron-apt so it would
> have been fixed by tomorrow automagically anyway...
>
> Steve
>
> On Thu, 2014-09-25 at 16:39 +1200, Chris Hellyar wrote:
>> Thinking topical,
>> It consumed most of the day
>> as a precaution
>>
>> An exploit is found
>> Bash, CGI scripting flaw
>> new patches employed
>>
>> If you host on line
>> your version of bash do check
>> The repos refreshed
>>
>>
>> Fin. :-)
>>
>> For those who have no idea what I'm on about:
>>
>> http://www.theregister.co.uk/2014/09/24/bash_shell_vuln/
>>
>> There are some great headlines doing the rounds.. This one takes the
>> cake I think:
>>
>> http://www.wired.com/2014/09/internet-braces-crazy-shellshock-worm/
>>
>> (What worm? Wired should know better!)
>>
>> http://www.nbcnews.com/tech/security/new-bash-bug-could-pose-bigger-threat-heartbleed-n211006
>>
>> http://www.smh.com.au/it-pro/security-it/shell-shock-bash-bug-labelled-largest-ever-to-hit-the-internet-20140925-10ltx1.html
>>
>> Great stuff...
>>
>> Considering the major attack vector would be bash CGI scripts which
>> anyone with a brain stopped using about 10 years ago I'm picking someone
>> got a bit excited and then the other news media got hold of it.
>>
>> Anyway, Debian and RH have both updated their repos... Illumos,
>> SmartOS and Solaris appear not to be caught up in it due to compile-time
>> options for bash, and no-one who's got any sense uses OS X to host
>> something on the public Internet anyway. I think that covers 99% of the
>> *ix hosting these days?
>>
>>
>>
>> On 25/09/14 16:01, Chris Hellyar wrote:
>>> On servers remote
>>> in Datacenters, lights out.
>>> Debian Makes sense.
>>>
>>> On Desktops deployed
>>> Surfing the great unknown
>>> Ubuntu's at home.
>>>
>>> For uptime you care
>>> five nines the contract denotes
>>> roll out Solaris.
>>>
>>> The data is large
>>> complex structures, indexes worse
>>> informix knows best
>>>
>>> as tight as a drum
>>> in security it shines
>>> lock down, BSD
>>>
>>> Slow day.
>>>
>>>
>>> On 25/09/14 13:42, Derek Smithies wrote:
>>>> Hi,
>>>> but it is so true
>>>> for all who just want to do
>>>> you go ubuntu
>>>>
>>>> Derek.
>>>> On 25/09/14 13:37, Douglas Royds wrote:
>>>>> Old duffers maintain
>>>>> that Debian is the source,
>>>>> the One True Distro
>>>>>
>>>>> On 24 September 2014 22:21, Chris Hellyar <[email protected]> wrote:
>>>>>> Back to Debian
>>>>>> for stability I crave
>>>>>> farewell, Ubuntu.
>>>>>>
>>>>>> (made the shift with my last rebuild, happy camper now..)
>>>>>>
>>>>>>
>>>>>> On 24/09/2014, at 9:55 pm, Nick Rout <[email protected]> wrote:
>>>>>>
>>>>>>> On Wed, Sep 24, 2014 at 7:40 PM, David Lowe
>>>>>>> <[email protected]> wrote:
>>>>>>>> On 24/09/2014 6:06 pm, "Nick Rout" <[email protected]> wrote:
>>>
>>> _______________________________________________
>>> Linux-users mailing list
>>> [email protected]
>>> http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
>
> --
> Steve Holdoway BSc(Hons) MIITP
> http://www.greengecko.co.nz
> Linkedin: http://www.linkedin.com/in/steveholdoway
> Skype: sholdowa
>

_______________________________________________
Linux-users mailing list
[email protected]
http://lists.canterbury.ac.nz/mailman/listinfo/linux-users
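
The report-only patch check mentioned at the top of this message (refresh the package lists, simulate the upgrade with `apt-get -s upgrade`, mail the result instead of installing), sketched as an added example that is not part of the original thread. The function names, the `--mail` switch and the sample output are assumptions constructed for illustration.

```shell
#!/bin/sh
# Report-only patch check: parse `apt-get -s upgrade` output and mail a summary.
# Nothing is installed; a human decides when to apply the upgrades.
# Function names and the --mail switch are hypothetical.

# Constructed sample of simulated-upgrade output (not taken from a real host).
sample_output() {
cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  bash tzdata
Inst bash [1.0-1] (1.0-1+sec1 Debian-Security:7.0/stable [amd64])
Inst tzdata [2014a-1] (2014b-1 Debian:7.6/stable [all])
Inst libexample1 (0.3-2 Debian:7.6/stable [amd64])
Conf bash (1.0-1+sec1 Debian-Security:7.0/stable [amd64])
EOF
}

# stdin: apt-get -s output. stdout: "pkg old -> candidate[ SECURITY]" per Inst line.
summarise_upgrades() {
    awk '
    $1 == "Inst" {
        i = 3; old = "none"; tag = ""
        # Upgrades carry "[installed-version]"; new installs do not.
        if ($3 ~ /^\[/) { old = substr($3, 2, length($3) - 2); i = 4 }
        cand = substr($i, 2)                # drop the leading "("
        # Any origin field naming a security archive marks the package.
        for (j = i + 1; j <= NF; j++) if ($j ~ /[Ss]ecurity/) tag = " SECURITY"
        printf "%s %s -> %s%s\n", $2, old, cand, tag
    }'
}

# stdin: apt-get -s output. stdout: number of pending security upgrades.
security_count() {
    summarise_upgrades | awk '/ SECURITY$/ { n++ } END { print n + 0 }'
}

# Refresh package lists, simulate the upgrade, mail only if something is pending.
mail_report() {
    apt-get -qq update || return 1
    report=$(LC_ALL=C apt-get -s upgrade | summarise_upgrades)
    if [ -n "$report" ]; then
        printf '%s\n' "$report" | mailx -s "$(hostname): pending upgrades" "$1"
    fi
}

if [ "${1:-}" = "--mail" ]; then mail_report "${2:?recipient address required}"; fi
```

Run from cron with `--mail` and a recipient address; without arguments the script only defines the functions, so the parser can be exercised against saved output.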
