Re: system is up 1 year
Jason Dunsmore wrote: On 9/16/06, Michelle Konzack [EMAIL PROTECTED] wrote: Am 2006-09-15 09:47:12, schrieb Jason Dunsmore: Can you give some references? Thanks. What references do you want? I was wondering if there were references that support what you said about security and Linux uptime (see below). Or was this just your personal experience? What I think she is saying is that even in Sarge there have been several security vulnerabilities fixed in the kernel packages / source over (for example) the last 6 months. This applies to both 2.4 and 2.6. Therefore, as you pretty much have to reboot the machine after a kernel upgrade (unless you play with that hot-swap kernel stuff that I know nothing about), if you have a large uptime then you may well be running a kernel with security vulnerabilities. I guess whether or they are serious or apply on your set of hardware will vary. Personally, I prefer not to think about that too much and just upgrade if there is a security fix. -- George Borisov DXSolutions Ltd signature.asc Description: OpenPGP digital signature
Re: system is up 1 year
Am 2006-09-18 13:23:58, schrieb Jason Dunsmore: I was wondering if there were references that support what you said about security and Linux uptime (see below). Or was this just your personal experience? Generaly a personal experience while reading the CAN/DSA. If you see, HOW a kernel can exploited, you will do good, if you regulayr update it. I have several sensible systems Online and it is a must! Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
Am 2006-09-15 09:47:12, schrieb Jason Dunsmore: Can you give some references? Thanks. What references do you want? You can check www.kernel.org once per day and download the new Kernel sources or diffs if availlable. This is much faster thewn waiting on a Debian Kernel, and, - you can build it with make-kpkg too. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
On 9/16/06, Michelle Konzack [EMAIL PROTECTED] wrote: Am 2006-09-15 09:47:12, schrieb Jason Dunsmore: Can you give some references? Thanks. What references do you want? I was wondering if there were references that support what you said about security and Linux uptime (see below). Or was this just your personal experience? Thanks, Jason http://klive.cpushare.com/2.6.11.6-procmail/ shows that the system is up one year. Not bad. FALSE! - Realy Bad! I run a Router/Firewall with Linux 2.4.32 and its uptime is currently 55 days 22 hours which is the highest uptime I ever had. All of my public Servers running Linux 2.6 had Uptimes of maximum 35 days envirnement. Linux 2.6 have to many security problems as it can run over 35 days. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
On 9/13/06, Michelle Konzack [EMAIL PROTECTED] wrote: Am 2006-09-10 14:12:51, schrieb Hugo Vanwoerkom: Hi, http://klive.cpushare.com/2.6.11.6-procmail/ shows that the system is up one year. Not bad. FALSE! - Realy Bad! I run a Router/Firewall with Linux 2.4.32 and its uptime is currently 55 days 22 hours which is the highest uptime I ever had. All of my public Servers running Linux 2.6 had Uptimes of maximum 35 days envirnement. Linux 2.6 have to many security problems as it can run over 35 days. Can you give some references? Thanks. -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
Am 2006-09-10 14:12:51, schrieb Hugo Vanwoerkom: Hi, http://klive.cpushare.com/2.6.11.6-procmail/ shows that the system is up one year. Not bad. FALSE! - Realy Bad! I run a Router/Firewall with Linux 2.4.32 and its uptime is currently 55 days 22 hours which is the highest uptime I ever had. All of my public Servers running Linux 2.6 had Uptimes of maximum 35 days envirnement. Linux 2.6 have to many security problems as it can run over 35 days. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
Am 2006-09-10 16:45:04, schrieb Ron Johnson: That is if the kernel is at (more than slight) risk of infection. Right If you sit behind a firewalling router, don't run an httpd, an ftpd, etc, how much at risk are you? Extremly High! Since the Router/Firewall (AS) is currently a Debian system but running Linux 2.4.32... Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
Am 2006-09-10 18:32:09, schrieb Ron Johnson: On 09/10/06 17:54, Marc Wilson wrote: Depends. Is the firewalling router the Linux box with the year uptime? No, it's a little Netgear RP614v2. The 614 have security problems... I prefer the 834 since it run Linux... (source tarball availlable €netgear) Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/06 07:21, Michelle Konzack wrote: Am 2006-09-10 18:32:09, schrieb Ron Johnson: On 09/10/06 17:54, Marc Wilson wrote: Depends. Is the firewalling router the Linux box with the year uptime? No, it's a little Netgear RP614v2. The 614 have security problems... IIRC that was the regular 614, not the v2. I prefer the 834 since it run Linux... (source tarball availlable €netgear) It's an ADSL router. Unsuitable for my needs. - -- Ron Johnson, Jr. Jefferson LA USA Is common sense really valid? For example, it is common sense to white-power racists that whites are superior to blacks, and that those with brown skins are mud people. However, that common sense is obviously wrong. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFCZLES9HxQb37XmcRAmOqAKC41LKf4jTKOoHtiqk1cEKVhTnoSQCfTEoS Ndo5PmsMcbxkogjSx+RjrJs= =nZSz -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/13/06 07:19, Michelle Konzack wrote: Am 2006-09-10 16:45:04, schrieb Ron Johnson: That is if the kernel is at (more than slight) risk of infection. Right If you sit behind a firewalling router, don't run an httpd, an ftpd, etc, how much at risk are you? Extremly High! Since the Router/Firewall (AS) is currently a Debian system but running Linux 2.4.32... Who's router is running Linux 2.4.32? - -- Ron Johnson, Jr. Jefferson LA USA Is common sense really valid? For example, it is common sense to white-power racists that whites are superior to blacks, and that those with brown skins are mud people. However, that common sense is obviously wrong. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFCZMFS9HxQb37XmcRAvd0AJ9qz8hNjyXtINymqAAP54cEIp/w1gCfbQYs cR49f5kBXZO4gjxiPaxU8Qs= =MiaP -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
Am 2006-09-14 12:36:05, schrieb Ron Johnson: Who's router is running Linux 2.4.32? 2.4.32 is much more stable then a 2.6.18 has less bugs and can run with 12 MB of memory in embedded Systems for example. If you want to run a 2.6 then you need at least 24 MByte of memory and forced to upgrade several times per month. Thanks, Greetings and nice Day Michelle Konzack Systemadministrator Tamay Dogan Network Debian GNU/Linux Consultant -- Linux-User #280138 with the Linux Counter, http://counter.li.org/ # Debian GNU/Linux Consultant # Michelle Konzack Apt. 917 ICQ #328449886 50, rue de Soultz MSM LinuxMichi 0033/6/6192519367100 Strasbourg/France IRC #Debian (irc.icq.com) -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/14/06 13:39, Michelle Konzack wrote: Am 2006-09-14 12:36:05, schrieb Ron Johnson: Who's router is running Linux 2.4.32? 2.4.32 is much more stable then a 2.6.18 has less bugs and can run with 12 MB of memory in embedded Systems for example. If you want to run a 2.6 then you need at least 24 MByte of memory and forced to upgrade several times per month. But that doesn't answer my question. :( - -- Ron Johnson, Jr. Jefferson LA USA Is common sense really valid? For example, it is common sense to white-power racists that whites are superior to blacks, and that those with brown skins are mud people. However, that common sense is obviously wrong. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFCaYVS9HxQb37XmcRAnOkAJ4jlHBLDo3Q9hSWE9EutfOL9nooTACglCA9 jj1F0joYCvX/E+HQleBbzDg= =6Unn -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
system is up 1 year
Hi, http://klive.cpushare.com/2.6.11.6-procmail/ shows that the system is up one year. Not bad. H -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
On Sun, Sep 10, 2006 at 02:12:51PM -0500, Hugo Vanwoerkom wrote: Hi, http://klive.cpushare.com/2.6.11.6-procmail/ shows that the system is up one year. Not bad. Actually, I would say that it is very bad: http://secunia.com/product/2719/?task=advisories_2006 There are 31 security advisories against Linux 2.6 so far in 2006, some of which are rated as moderately critical. I would say that a Linux 2.6 box with one year of up time is one with many exploitable, some even remote, vulnerabilities. While I am all in favor of trumpeting the stability of Linux, uptime should not be the primary measure of that. Regards, -Roberto -- Roberto C. Sanchez http://familiasanchez.net/~roberto signature.asc Description: Digital signature
Re: system is up 1 year
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/10/06 16:34, Roberto C. Sanchez wrote: On Sun, Sep 10, 2006 at 02:12:51PM -0500, Hugo Vanwoerkom wrote: Hi, http://klive.cpushare.com/2.6.11.6-procmail/ shows that the system is up one year. Not bad. Actually, I would say that it is very bad: http://secunia.com/product/2719/?task=advisories_2006 There are 31 security advisories against Linux 2.6 so far in 2006, some of which are rated as moderately critical. I would say that a Linux 2.6 box with one year of up time is one with many exploitable, some even remote, vulnerabilities. While I am all in favor of trumpeting the stability of Linux, uptime should not be the primary measure of that. That is if the kernel is at (more than slight) risk of infection. If you sit behind a firewalling router, don't run an httpd, an ftpd, etc, how much at risk are you? - -- Ron Johnson, Jr. Jefferson LA USA Is common sense really valid? For example, it is common sense to white-power racists that whites are superior to blacks, and that those with brown skins are mud people. However, that common sense is obviously wrong. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBIdgS9HxQb37XmcRArGuAKCJavcocr8PKZgHADOanF4kRXkjuACgqE9I AF5j1y3SHtdvQsaZH2aO5Go= =xjUg -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
On 10.09.06 14:12, Hugo Vanwoerkom wrote: http://klive.cpushare.com/2.6.11.6-procmail/ shows that the system is up one year. Not bad. I (and not only me) hate the 32-bit time counter in 2.4 kernels... it wraps after something over 497 days, so in 'ud' output I had to add 1st highest time (497) to 3rd highest (80) to get the real uptime (577). Not bad ;-) -- Matus UHLAR - fantomas, [EMAIL PROTECTED] ; http://www.fantomas.sk/ Warning: I wish NOT to receive e-mail advertising to this address. Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu. Due to unexpected conditions Windows 2000 will be released in first quarter of year 1901 -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
On Sun, Sep 10, 2006 at 04:45:04PM -0500, Ron Johnson wrote: If you sit behind a firewalling router, don't run an httpd, an ftpd, etc, how much at risk are you? Depends. Is the firewalling router the Linux box with the year uptime? -- Marc Wilson | The advertisement is the most truthful part of [EMAIL PROTECTED] | a newspaper. -- Thomas Jefferson signature.asc Description: Digital signature
Re: system is up 1 year
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 On 09/10/06 17:54, Marc Wilson wrote: On Sun, Sep 10, 2006 at 04:45:04PM -0500, Ron Johnson wrote: If you sit behind a firewalling router, don't run an httpd, an ftpd, etc, how much at risk are you? Depends. Is the firewalling router the Linux box with the year uptime? No, it's a little Netgear RP614v2. - -- Ron Johnson, Jr. Jefferson LA USA Is common sense really valid? For example, it is common sense to white-power racists that whites are superior to blacks, and that those with brown skins are mud people. However, that common sense is obviously wrong. -BEGIN PGP SIGNATURE- Version: GnuPG v1.4.5 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD8DBQFFBKB5S9HxQb37XmcRAlNIAKC2uQY9smD1OmjhnccjXIfs4qLu0wCfYCQ7 77mnfcQmGQI0RB5lYywqJSo= =nCdc -END PGP SIGNATURE- -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]
Re: system is up 1 year
On Sun, 10 Sep 2006, Ron Johnson wrote: That is if the kernel is at (more than slight) risk of infection. If you sit behind a firewalling router, don't run an httpd, an ftpd, etc, how much at risk are you? As Marc Wilson said, it depends. A local root exploit (in the kernel for example) combined with a remote exploit that does not itself grant root access can equal a remote root exploit. Wham bam, r00ted system. Rob -- Robert Brockway B.Sc.Phone: +1-905-821-2327 Senior Technical Consultant Urgent Support: +1-416-669-3073 OpenTrend Solutions Ltd Email: [EMAIL PROTECTED] Web:www.opentrend.net -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of unsubscribe. Trouble? Contact [EMAIL PROTECTED]