Message: 1 Date: Tue, 05 Jun 2001 15:40:45 +0100 From: Neill Newman neill@entora.co.uk Organization: Entora Ltd To: "'alug@stu.uea.ac.uk'" alug@stu.uea.ac.uk Subject: Re: [Alug] A Couple of responses in one :
Earl Brannigan wrote:
MJR Wrote :
I'd certainly still be interested. It would also be nice to be on
the
sending end of one of these attacks for a change...!
For a change!?!?!......been on the receiving end then? I have. Recently had to completely rebuild a webserver because it had been
rooted,
trojaned, backdoored etc. There was no way to undo the mess that had
been
caused. I beleieve it was hacked via a bind overflow.
aarrgghhh how many times.. apply the updates and this is less likely to happen..(not impossible mind you)
If you want I can do a 10 minute demo at the barbeque on how to make a machine install updates automatically if it will encourage people to do this... I currently have 30 or so machines doing automatic updates, and I have to do about 5 minutes a week to make it work smoothly, all it took was a little time upfront...
I'm sure Earl will now verify, doing 5 minutes admin a week is worth it when compared to a machine rebuild... especially when it is a production machine....
Argggggggh to you too ! ;o) The Machine in question is a cobalt and unfortunately they're slightly later than most with updates. Actually I fully agree with you. I have an little script which daily checks the update site. (though I only have it advising me if there is a change, I haven't worked out how to get the updates automatically by script...if anyone has played with a cobalt you'll know that there is only one route for applying patches. If you're a bit of a wiz with scripts though I'd be glad to get some info off you. Cheers Earl
Earl Brannigan wrote:
Argggggggh to you too ! ;o)
aarrghhhh ;)...
The Machine in question is a cobalt and unfortunately they're slightly later than most with updates.
yes, a friend uses cobalt and he hates them with a passion, are these the old non intel ones ?? or the newer i386 ones ?
Actually I fully agree with you. I have an little script which daily checks the update site. (though I only have it advising me if there is a change, I haven't worked out how to get the updates automatically by script...if anyone has played with a cobalt you'll know that there is only one route for applying patches.
I have to admit, I haven't pulled apart a cobalt, from what I can gleam from their website they are running some form of redhat, is this right ?? if so it will be very easy to intergrate auto updating into your scripts, if it dosen't use rpms and you can point me towards the package management docs I can soon convert any script to do what you want... I'm in the process of converting the scripts to use the pkg program in solaris.
be warned when doing this though, I usually setup a seperate test machine which the updates get applied to first (and tested!)... don't just update directly from the update site.. this is considered a bad thing (tm).... (remember tcp_wrappers!)...
If you're a bit of a wiz with scripts though I'd be glad to get some info off you.
sure no probs... let me know what's on ya mind ;)
Cheers Earl
Cheers Neill
For reference, cobalt distributes .pkg's on their update site - these are nothing but gzipped tar files (or might be simply tar files)- which from memory which actually conatain RPMS's, and instructions for the cobalt on how to install them (ie it has additional tidy scripts).
Cobalts are always a little arggggh though.
Dan
-
Dan Jones -
Earl Brannigan -
Neill Newman