Remote update of systems - how do I block this?

Cannon, Andrew Andrew.Cannon at amecnnc.com
Mon Oct 17 06:59:38 UTC 2005 

Stuart,

I understand.  Thanks, I'm a lot less worried now.

Andrew

-----Original Message-----
From: Stuart Sears [mailto:stuart at sjsears.com]
Sent: 16 October 2005 13:09
To: General Red Hat Linux discussion list
Subject: Re: Remote update of systems - how do I block this?


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Cannon, Andrew enlightened us with the following gems on 14/10/05 11:32:
> Hi All,
> 
> I found out yesterday that there is an option to remotely update your
system
> with the latest Red hat patches.  What is the configuration for this and
how
> do I block it?  Specifically, what settings do I need to apply to our
> corporate firewall to block the inbound connections?  
This is normally managed through up2date and RHN - there should really
be no way that an external host can force your system to update itself,
if that is what worries you.

The way this is intended to work is....
1) you log in to https://rhn.redhat.com
2) you schedule a package install for you machine
3) every so often your machine will check in with rhn (the command it
actually runs is /usr/sbin/rhn_check) and then perform the action you
have scheduled

so all actions are instigated locally, not remotely

does this ease your mind a tad?

if you just want to disable checking for updates (automatic installation
is *off* by default) then
chkconfig rhnsd off
service rhnsd stop

Regards,

Stuart
- --
Stuart Sears RHCE RHCX
DPRINTK("doing direct send\n"); /* @@@ well, this doesn't work anyway */
        linux-2.6.6/drivers/atm/eni.c
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.1 (GNU/Linux)
Comment: Using GnuPG with Fedora - http://enigmail.mozdev.org

iD8DBQFDUkLBamPtx1brPQ4RAsW2AJ96hsrnlC9nA1KakKtNemexuiPNQACfeJgs
f9pr2qtsAr4anXunzaT5xpU=
=YcdS
-----END PGP SIGNATURE-----



**********************************************************************
AMEC Nuclear Holdings Limited (no. 3725076), AMEC NNC Limited (no. 1120437), National Nuclear Corporation Limited (no. 2290928), STATS-NNC Limited (no. 4339062) and Technica-NNC Limited (no. 235856).  The registered office of each company is at Booths Hall, Chelford Road, Knutsford, Cheshire WA16 8QZ except for Technica-NNC Limited whose registered office is at Citygate, Altens Farm Road, Aberdeen, Aberdeenshire, AB12 3LB.  AMEC NNC's head office and principal address is Booths Hall and the switchboard number is 01565 633800.  
The AMEC NNC website is www.amecnnc.com

Any request, advice, information or opinion in this message which does not relate to the business of any of the above companies is not authorised by any of the above companies.  Where this message does so relate,  it is sent by the relevant company (as above) and is confidential and intended for the use of the individual or entity to whom it is addressed.  The content is subject to contract and, unless so stated, does not form part of any contract.  If you have received this e-mail in error please notify the AMEC NNC system manager by email at eadm at amecnnc.com.
**********************************************************************

More information about the redhat-list mailing list