Remote update of systems - how do I block this?

Stuart Sears stuart at sjsears.com
Sun Oct 16 12:08:33 UTC 2005


Cannon, Andrew enlightened us with the following gems on 14/10/05 11:32:
> Hi All,
> 
> I found out yesterday that there is an option to remotely update your system
> with the latest Red Hat patches.  What is the configuration for this and how
> do I block it?  Specifically, what settings do I need to apply to our
> corporate firewall to block the inbound connections?  
This is normally managed through up2date and RHN - there should really
be no way that an external host can force your system to update itself,
if that is what worries you.

The way this is intended to work is....
1) you log in to https://rhn.redhat.com
2) you schedule a package install for your machine
3) every so often your machine will check in with rhn (the command it
actually runs is /usr/sbin/rhn_check) and then perform the action you
have scheduled

so all actions are instigated locally, not remotely

does this ease your mind a tad?

if you just want to disable checking for updates (automatic installation
is *off* by default) then
chkconfig rhnsd off
service rhnsd stop

Regards,

Stuart
--
Stuart Sears RHCE RHCX
DPRINTK("doing direct send\n"); /* @@@ well, this doesn't work anyway */
        linux-2.6.6/drivers/atm/eni.c
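One way to confirm that the `chkconfig rhnsd off` step from the reply above took effect, as an added example that is not part of the original post: it parses a `chkconfig --list rhnsd` line and reports any runlevel where the service is still enabled. The function names and the two sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit whether rhnsd is still enabled in any runlevel.
# Input is one line of `chkconfig --list rhnsd` output, e.g.
#   rhnsd   0:off   1:off   2:on   3:on   4:on   5:on   6:off

# enabled_runlevels: read one chkconfig --list line on stdin and print
# the runlevels marked "on", space separated (empty line if none).
enabled_runlevels() {
    awk '{
        out = ""
        for (i = 2; i <= NF; i++) {
            split($i, kv, ":")
            if (kv[2] == "on") {
                if (out != "") out = out " "
                out = out kv[1]
            }
        }
        print out
    }'
}

# audit_rhnsd LINE: return 0 when the service is off in every runlevel,
# 1 when at least one runlevel would still start it at boot.
audit_rhnsd() {
    levels=$(printf '%s\n' "$1" | enabled_runlevels)
    if [ -n "$levels" ]; then
        echo "rhnsd still enabled in runlevels: $levels"
        return 1
    fi
    echo "rhnsd disabled in all runlevels"
    return 0
}

# Constructed sample lines (not captured from a real host).
SAMPLE_ENABLED='rhnsd   0:off   1:off   2:on    3:on    4:on    5:on    6:off'
SAMPLE_DISABLED='rhnsd   0:off   1:off   2:off   3:off   4:off   5:off   6:off'

# On a live host, after `chkconfig rhnsd off` and `service rhnsd stop`:
#   audit_rhnsd "$(chkconfig --list rhnsd)"
```

`chkconfig` only governs what starts at boot, so `service rhnsd status` is still the check for a daemon that is running right now.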