Kernel update for RHEL 5 -- Success
 

All:

Many thanks to Joey Prestia, Mark Roth, and Ben Kevan and for
the helpful advice on how to update the kernel for my RHEL 5 systems.
FYI, the update was completed without incident by:
1. Downloading kernel-2[1].6.18-92.1.22.el5.i686.rpm and
burning it to CD and sneakernetting the CD to the other network.
2. FTPing to each Linux box, beginning with the hot spare.
3. Renaming the file to remove the square brackets (I just
replaced them with dashes.
4. rpm -ivh kernel-2-1-.6.18-92.1.22.el5.i686.rpm.
5. Rebooting.

While I also I installed
kernel-doc-2[1].6.18-92.1.22.el5.noarch.rpm (with rpm -U) using the same
technique, it does not appear to be necessary.

The question of why is a valid one. As part of a defense in
depth strategy, we are required to keep up with all vendor security
patches. While nothing is completely hacker proof, we need to make
things as difficult as possible for the bad guys. This principle is
applied even for those devices which are not connected to the Internet.


Thanks again.
Howard

------------------------------------------------------------------------
------------------
IT Functionary, Navy Region Northwest
360-257-5673, DSN 820-5673, Fax 257-5315
howard.bledsoe@navy(.smil).mil, howard.bledsoe@nrnic.ic.gov


--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Kernel update for RHEL 5 -- Success
 

Bledsoe, Howard W CIV CNRNW, N632WI wrote:
> All:
>
> Many thanks to Joey Prestia, Mark Roth, and Ben Kevan and for
> the helpful advice on how to update the kernel for my RHEL 5 systems.
> FYI, the update was completed without incident by:
<snip>
> The question of why is a valid one. As part of a defense in
> depth strategy, we are required to keep up with all vendor security
> patches. While nothing is completely hacker proof, we need to make
> things as difficult as possible for the bad guys. This principle is
> applied even for those devices which are not connected to the Internet.

You've very welcome. One thing, though: is the system itself hardened? If not,
you should consider it, and for that, my best recommendation is Bastille Linux,
which is a hardening set of scripts, which I was just informed (during an
interview!) was mentioned and suggested by NIST.

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Kernel update for RHEL 5 -- Success
 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

mark wrote:
> Bledsoe, Howard W CIV CNRNW, N632WI wrote:
>> All:
>>
>> Many thanks to Joey Prestia, Mark Roth, and Ben Kevan and for
>> the helpful advice on how to update the kernel for my RHEL 5 systems.
>> FYI, the update was completed without incident by:

Your very welcome!! Anytime!


- --

Joey Prestia RHCE
L.G. Mirror Coordinator
http://linuxamd.com
Main Site: http://linuxgazette.net

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)
Comment: Using GnuPG with Mandriva - http://enigmail.mozdev.org

iEYEARECAAYFAklZpRIACgkQQtJW9lrW8nR0eQCfXFiz14jeuW HwMgVFbc1o3m8i
CYAAoJOkMWzldIQvJKn1kxJ+jc4PonwH
=XNiT
-----END PGP SIGNATURE-----

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Kernel update for RHEL 5 -- Success
 

On 12/30/08, mark <m.roth2006@rcn.com> wrote:
> You've very welcome. One thing, though: is the system itself hardened? If not,
> you should consider it, and for that, my best recommendation is Bastille Linux,
> which is a hardening set of scripts, which I was just informed (during an
> interview!) was mentioned and suggested by NIST.

As far as I know Bastille do not support RHEL5, and the Bastille
project also seems to be a bit stalled. According to the webpage a new
version was to be released on january 14th 2008, but it has not
appeared. The newest version I have found is 3.2.1 released sept 25th
2008.

Erling

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Kernel update for RHEL 5 -- Success
 

Erling Ringen Elvsrud wrote:
> On 12/30/08, mark <m.roth2006@rcn.com> wrote:
>> You've very welcome. One thing, though: is the system itself hardened? If not,
>> you should consider it, and for that, my best recommendation is Bastille Linux,
>> which is a hardening set of scripts, which I was just informed (during an
>> interview!) was mentioned and suggested by NIST.
>
> As far as I know Bastille do not support RHEL5, and the Bastille
> project also seems to be a bit stalled. According to the webpage a new
> version was to be released on january 14th 2008, but it has not
> appeared. The newest version I have found is 3.2.1 released sept 25th
> 2008.

Hmm... what's changed in RHEL5 that would prevent the current release of
Bastille from working?

mark

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Kernel update for RHEL 5 -- Success
 

On 1/7/09, mark <m.roth2006@rcn.com> wrote:
[...]
> Hmm... what's changed in RHEL5 that would prevent the current release of
> Bastille from working?

If I remember correctly Bastille fails with a message that it cannot
detect the RHEL-version. You can change /etc/redhat-release to a
supported version while running Bastille, but I'm not sure if Bastille
will work correctly.

Erling

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Kernel update for RHEL 5 -- Success
 

Can anyone recommend a hardening package comparable to Bastille for RHEL 5.2?

What are others using?

Thanks,
Tim


On 1/7/09, mark <m.roth2006@rcn.com> wrote:
[...]
> Hmm... what's changed in RHEL5 that would prevent the current release of
> Bastille from working?

If I remember correctly Bastille fails with a message that it cannot
detect the RHEL-version. You can change /etc/redhat-release to a
supported version while running Bastille, but I'm not sure if Bastille
will work correctly.

Erling

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list


This e-mail and any attachments may contain
confidential and privileged information. If you are
not the intended recipient, please notify the sender
immediately by return e-mail, delete this e-mail
and destroy any copies. Any dissemination or use
of this information by a person other than the
intended recipient is unauthorized and may be
illegal. Unless otherwise stated, opinions expressed
in this e-mail are those of the author and are not
endorsed by the author's employer.

Le présent message, ainsi que tout fichier qui y est
joint, est envoyé Ã* l'intention exclusive de son ou
de ses destinataires; il est de nature confidentielle
et peut constituer une information privilégiée. Nous
avertissons toute personne autre que le destinataire
prévu que tout examen, réacheminement, impression, copie,
distribution ou autre utilisation de ce message et de
tout fichier qui y est joint est strictement interdit.
Si vous n'êtes pas le destinataire prévu, veuillez en
aviser immédiatement l'expéditeur par retour de courriel
et supprimer ce message et tout document joint de votre système.
Sauf indication contraire, les opinions exprimées dans le présent
message sont celles de l’auteur et ne sont pas avalisées par
l’employeur de l’auteur.
--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list

Kernel update for RHEL 5 -- Success
 

Since Bastille mostly just make sure particular services are
deactivated, and that particular files have the correct permissions
set, I guess you could implement the same functionality in whatever
configuration system (CFengine, Puppet, etc) you are using.


On 1/22/09, De Vries, Timothy <Timothy.DeVries@bmo.com> wrote:
>
> Can anyone recommend a hardening package comparable to Bastille for RHEL 5.2?
>
> What are others using?
>
> Thanks,
> Tim
>
>
> On 1/7/09, mark <m.roth2006@rcn.com> wrote:
> [...]
> > Hmm... what's changed in RHEL5 that would prevent the current release of
> > Bastille from working?
>
> If I remember correctly Bastille fails with a message that it cannot
> detect the RHEL-version. You can change /etc/redhat-release to a
> supported version while running Bastille, but I'm not sure if Bastille
> will work correctly.
>
> Erling
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>
>
>
> This e-mail and any attachments may contain
> confidential and privileged information. If you are
> not the intended recipient, please notify the sender
> immediately by return e-mail, delete this e-mail
> and destroy any copies. Any dissemination or use
> of this information by a person other than the
> intended recipient is unauthorized and may be
> illegal. Unless otherwise stated, opinions expressed
> in this e-mail are those of the author and are not
> endorsed by the author's employer.
>
> Le présent message, ainsi que tout fichier qui y est
> joint, est envoyé à l'intention exclusive de son ou
> de ses destinataires; il est de nature confidentielle
> et peut constituer une information privilégiée. Nous
> avertissons toute personne autre que le destinataire
> prévu que tout examen, réacheminement, impression, copie,
> distribution ou autre utilisation de ce message et de
> tout fichier qui y est joint est strictement interdit.
> Si vous n'êtes pas le destinataire prévu, veuillez en
> aviser immédiatement l'expéditeur par retour de courriel
> et supprimer ce message et tout document joint de votre système.
> Sauf indication contraire, les opinions exprimées dans le présent
> message sont celles de l'auteur et ne sont pas avalisées par
> l'employeur de l'auteur.
>
> --
> redhat-list mailing list
> unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
> https://www.redhat.com/mailman/listinfo/redhat-list
>

--
redhat-list mailing list
unsubscribe mailto:redhat-list-request@redhat.com?subject=unsubscribe
https://www.redhat.com/mailman/listinfo/redhat-list