Per Jessen wrote:
> John Rudd wrote:
>> I've seen LOTS of so-focused-on-stability "if it ain't broke, don't
>> upgrade it" type shops in the Solaris arena ...
>
> You'll likely find that in any production environment that is concerned
> about uptime. The less change, the more uptime.

As far as Solaris goes, I typically update my core utilities like perl
and put them in /usr/local. I also change the $PATH in /etc/profile so
that /usr/local/bin comes first. That gives me control over what I and
my users see.

I replaced Solaris 7 with 8 seems like 9 or 10 years ago. Solaris 7 was
too hackable. Now, I haven't used Solaris 8 in about 4 years and am
currently replacing my Solaris 9 boxes with Solaris 10 boxes. However,
even in the newest, I still typically update my core utilities like
perl. I simply need more control over them and need them to be more
up-to-date, whether I compile them myself or get them from sunfreeware.

As far as down time ;) , earlier this week I updated a couple of my
Solaris 10 boxes. I went from Solaris 10 5/08 U5 to Solaris 10 5/09 U7.
I did the update during peak hours and also applied the latest
recommended and security patches. Since I did it using Live Upgrade,
users were totally unaware, and services continued as though nothing
were going on. Then after the end of the work day, I issued an `init 6`.
When the server came back up a minute or two later, I checked all the
services, checked the update status, and then went home myself. If there
had been a problem, I could have reverted and booted off the original
image, leaving me right where I had started.

Gone are the days when you totally avoided upgrades because of the time,
hassle and risk involved.

Note also that Solaris 9 is now entering EOL. In the second stage of EOL
(where 8 is now, I believe), they no longer provide patches. This can be
a serious problem. If, for example, a serious bug is found in ssh that
allows a hack through ssh, then you are simply vulnerable unless you
upgrade your system or build and replace ssh on your own. If you are on
a private net behind a firewall, you may still be vulnerable, especially
if there is a flotilla of Windows machines sitting around waiting to get
infected with whatever.

--
---------------
Chris Hoogendyk
-
O__ ---- Systems Administrator
c/ /'_ --- Biology & Geology Departments
(*) \(*) -- 140 Morrill Science Center
~~~~~~~~~~ - University of Massachusetts, Amherst
<hoogen...@bio.umass.edu>
---------------
Erdös 4