Can someone please SHOUT at Redhat for me?

George Magklaras georgios at biotek.uio.no
Wed Sep 3 09:18:47 UTC 2008


:-)

It happens, but it should leave an .rpmsave file. Which is why we have a 
cronjob looking for these "constructive changes" about every hour, see 
an md5sum (aka tripwire) and if necessary replacing with the .rpmsave 
file (or other original file) and restarting the service. For production 
systems, I would do that for sshd/ssh, samba, named, dhcpd and httpd. 
It could take you an hour to implement and save you hours of raised 
blood pressure.

Alternatively, you apply the updates so that they happen at certain 
intervals/few systems, so you are there and know what to expect. This is 
also a valid approach if you have a spare old box and use xen or vmware 
to replicate the production system config. You apply the updates there 
first, see what breaks and know what to expect.


GM

-- 
George Magklaras

Senior Computer Systems Engineer/UNIX Systems Administrator
EMBnet Technical Management Board
The Biotechnology Centre of Oslo,
University of Oslo
http://folk.uio.no/georgios

Neil Marjoram wrote:
> I don't have support for my installs, but I would like to shout again at 
> Redhat for overwriting the Bind /etc/sysconfig/named file, can someone 
> do this for me?
> 
> Start rant....
> 
> Look Redhat - This really does not help much at all. I have enough to 
> worry about with script kiddies, without having to worry about who gave me 
> a denial of service attack against Bind, only to find out it was Redhat.
> 
> Leave my config files alone!!!
> 
> ....End of rant!
> 
> Thanks, needed that!
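
The hourly check described in the message above, written out as an added example (it is not code from the original post or from Red Hat). It uses sha256sum where the message mentions md5sum; the watch-list format, the paths in the comments and the `RESTART_CMD` hook are assumptions.

```shell
#!/bin/sh
# Added example (not from the original post): hourly config drift check.
# Watch list format (constructed): "<sha256> <absolute path> <service>" per line.
# Cron entry (hypothetical paths):
#   0 * * * * /usr/local/sbin/cfgwatch.sh /etc/cfgwatch.list
RESTART_CMD="${RESTART_CMD:-service}"   # assumption: SysV "service NAME restart"

digest() { sha256sum "$1" 2>/dev/null | cut -d' ' -f1; }

# check_one HASH FILE SERVICE
# returns 0 = unchanged, 1 = restored from .rpmsave, 2 = drift needing review
check_one() {
    want=$1 file=$2 svc=$3 saved="$2.rpmsave"
    if [ "$(digest "$file")" = "$want" ]; then return 0; fi
    # Restore only when the saved copy is exactly the known-good config;
    # anything else could be an edit nobody recorded, so leave it for a human.
    if [ -f "$saved" ] && [ "$(digest "$saved")" = "$want" ]; then
        if [ -f "$file" ]; then cp -p "$file" "$file.replaced.$(date +%s)"; fi
        cp -p "$saved" "$file" || return 2
        $RESTART_CMD "$svc" restart </dev/null || echo "WARN restart of $svc failed"
        return 1
    fi
    return 2
}

# run_check LIST: worst status over all entries (0, 1 or 2)
run_check() {
    rc=0
    while read -r want file svc; do
        case $want in ''|'#'*) continue ;; esac
        st=0; check_one "$want" "$file" "$svc" || st=$?
        case $st in
            0) ;;
            1) echo "RESTORED $file from $file.rpmsave, restarted $svc"
               if [ "$rc" -lt 1 ]; then rc=1; fi ;;
            *) echo "DRIFT $file changed, no matching .rpmsave"; rc=2 ;;
        esac
    done < "$1"
    return "$rc"
}

if [ -n "${1:-}" ]; then run_check "$1"; fi
```

A file that changed without a matching `.rpmsave` is reported and left untouched, so a change that did not come from a package update is flagged rather than silently reverted.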





