FAQ Search Today's Posts Mark Forums Read
» Video Reviews

» Linux Archive

Linux-archive is a website aiming to archive linux email lists and to make them easily accessible for linux users/developers.


» Sponsor

» Partners

» Sponsor

Go Back   Linux Archive > Redhat > Red Hat Linux

 
 
LinkBack Thread Tools
 
Old 09-03-2008, 07:31 AM
Neil Marjoram
 
Default Can someone please SHOUT at Redhat for me?

I don't have support for my installs, but I would like to shout again at
Redhat for overwriting the Bind /etc/sysconfig/named file, can someone
do this for me?


Start rant....

Look Redhat - This really does not help much at all. I have enough to
worry about with script kiddies, without have to worry about who gave me
a denial of service attack against Bind, only to find out it was Redhat.


Leave my config files alone!!!

....End of rant!

Thanks, needed that!
--
Neil Marjoram
Systems Manager
Adastral Park Campus
University College London
Ross Building
Adastral Park
Martlesham Heath
Ipswich - Suffolk
IP5 3RE


Reclaim Your Inbox!
http://www.mozilla.org/products/thunderbird

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-03-2008, 09:18 AM
George Magklaras
 
Default Can someone please SHOUT at Redhat for me?

:-)

It happens, but it should leave an .rpmsave file. Which is why we have a
cronjob looking for these "constructive changes" about every hour, see
an md5sum (aka tripwire) and if necessary replacing with the .rpmsave
file (or other original file) restarting the service. For production
systems, I would do that for sshd/ssh , samba , named, dhcpd and httpd.
It could take you an hour to implement and save you hours of raised
blood pressure.


Alternatively, you apply the updates so that they happen at certain
intervals/few systems, so you are there and know what to expect. This is
also a valid approach if you have a spare old box and use xen or vmware
to replicate the production system config. You apply the updates there
first, see what breaks and know what to expect.



GM

--
--
George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://folk.uio.no/georgios

Neil Marjoram wrote:
I don't have support for my installs, but I would like to shout again at
Redhat for overwriting the Bind /etc/sysconfig/named file, can someone
do this for me?


Start rant....

Look Redhat - This really does not help much at all. I have enough to
worry about with script kiddies, without have to worry about who gave me
a denial of service attack against Bind, only to find out it was Redhat.


Leave my config files alone!!!

....End of rant!

Thanks, needed that!




--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-03-2008, 12:16 PM
Neil Marjoram
 
Default Can someone please SHOUT at Redhat for me?

I saw this first some months ago, it did leave an rpmsave, but this was
the standard file too. I keep an hourly backup of all my config files so
it's not to bad to fix. Really it's just annoying, for some years I have
been running unattended patching and now I have to do it properly in
case RH muck it up!! Thats what I do with other nonoperating systems!


Neil.

George Magklaras wrote:

:-)

It happens, but it should leave an .rpmsave file. Which is why we have a
cronjob looking for these "constructive changes" about every hour, see
an md5sum (aka tripwire) and if necessary replacing with the .rpmsave
file (or other original file) restarting the service. For production
systems, I would do that for sshd/ssh , samba , named, dhcpd and httpd.
It could take you an hour to implement and save you hours of raised
blood pressure.


Alternatively, you apply the updates so that they happen at certain
intervals/few systems, so you are there and know what to expect. This is
also a valid approach if you have a spare old box and use xen or vmware
to replicate the production system config. You apply the updates there
first, see what breaks and know what to expect.



GM



--
Neil Marjoram
Systems Manager
Adastral Park Campus
University College London
Ross Building
Adastral Park
Martlesham Heath
Ipswich - Suffolk
IP5 3RE

Tel: 01473 663711
Fax: 01473 635199


Reclaim Your Inbox!
http://www.mozilla.org/products/thunderbird

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-03-2008, 01:03 PM
Harry Hoffman
 
Default Can someone please SHOUT at Redhat for me?

up2date, and yum both let you know when a file is being replaced (it's
actually rpm that tells you).

A word of advice would be, if you are going to update your systems you
should collect the output of the update manager and use that to decide
if you need to make any config file changes.

Cheers,
Harry


On Wed, 2008-09-03 at 08:31 +0100, Neil Marjoram wrote:
> I don't have support for my installs, but I would like to shout again at
> Redhat for overwriting the Bind /etc/sysconfig/named file, can someone
> do this for me?
>
> Start rant....
>
> Look Redhat - This really does not help much at all. I have enough to
> worry about with script kiddies, without have to worry about who gave me
> a denial of service attack against Bind, only to find out it was Redhat.
>
> Leave my config files alone!!!
>
> ....End of rant!
>
> Thanks, needed that!
> --
> Neil Marjoram
> Systems Manager
> Adastral Park Campus
> University College London
> Ross Building
> Adastral Park
> Martlesham Heath
> Ipswich - Suffolk
> IP5 3RE
>
>
> Reclaim Your Inbox!
> http://www.mozilla.org/products/thunderbird
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-03-2008, 01:44 PM
Ryan Golhar
 
Default Can someone please SHOUT at Redhat for me?

This happened a long time ago for with me with my ldap directory being
overwritten. Since then I've stopped applying automatic pathes from
redhat on my servers. Instead, I do it by hand. It might take a bit
longer but I'd rather be safe.


Harry Hoffman wrote:

up2date, and yum both let you know when a file is being replaced (it's
actually rpm that tells you).

A word of advice would be, if you are going to update your systems you
should collect the output of the update manager and use that to decide
if you need to make any config file changes.

Cheers,
Harry


On Wed, 2008-09-03 at 08:31 +0100, Neil Marjoram wrote:
I don't have support for my installs, but I would like to shout again at
Redhat for overwriting the Bind /etc/sysconfig/named file, can someone
do this for me?


Start rant....

Look Redhat - This really does not help much at all. I have enough to
worry about with script kiddies, without have to worry about who gave me
a denial of service attack against Bind, only to find out it was Redhat.


Leave my config files alone!!!

....End of rant!

Thanks, needed that!
--
Neil Marjoram
Systems Manager
Adastral Park Campus
University College London
Ross Building
Adastral Park
Martlesham Heath
Ipswich - Suffolk
IP5 3RE


Reclaim Your Inbox!
http://www.mozilla.org/products/thunderbird



--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-04-2008, 03:08 PM
Ben Kevan
 
Default Can someone please SHOUT at Redhat for me?

On Wednesday 03 September 2008 06:44:09 am Ryan Golhar wrote:
> This happened a long time ago for with me with my ldap directory being
> overwritten. Since then I've stopped applying automatic pathes from
> redhat on my servers. Instead, I do it by hand. It might take a bit
> longer but I'd rather be safe.
>

Why doesn't everyone just exclude the "important" packages on your critical
production servers? Seems like the most logical thing.

You wouldn't want Java updating on a whim on many weblogic / tomcat servers..
so you just exclude em..

But after reading this, I think i'll have to implement searching for
the .rmpsave's, seems as though many have gotten bitten.

Ben

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 
Old 09-05-2008, 11:32 AM
Stephen Carville
 
Default Can someone please SHOUT at Redhat for me?

I can't say as I've ever been bitten by this but this year I installed the Gnu
Configuration Engine and put just about all my config files in a subversion
repository. If an update overwrites one of them, cfengine changes it back
and sends me an email with the details.

--
Stephen

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list
 

Thread Tools




All times are GMT. The time now is 12:17 AM.

VBulletin, Copyright ©2000 - 2014, Jelsoft Enterprises Ltd.
Content Relevant URLs by vBSEO ©2007, Crawlability, Inc.
Copyright 2007 - 2008, www.linux-archive.org