[lug] Ancient RH box hacked, which packages must be updated?
David Anselmi
anselmi at anselmi.us
Fri Mar 26 07:57:08 MST 2004
Bear Giles wrote:
> My company is in the process of migrating from an ancient RH server to a
> current RHE or Debian box, but in the meanwhile somebody has hacked our
> box. Does anyone know which packages *must* be updated because of known
> exploits, or should we consider it a lost cause and put all of our
> effort into migrating to the new platform?
You can find a list of security fixes for RH 7 here:
https://rhn.redhat.com/errata/rh7-errata-security.html
and also for 8 and 9. I'm not sure what good that does you, stuff in RH
7 probably has holes that weren't fixed until 8 or 9 and you probably
can't run RH 9 packages on RH 7. If you're RH is older than 7 you'll
have to look harder for security advisories but there may be a mailing
list archive out there.
Is tripwire making it easy to clean up the hack?
How did the cracker get in? If it isn't an essential service maybe you
can block enough to keep it up for a few weeks. If it is an essential
service, and you can't patch it, doesn't seem like it's worth the effort.
Dave
More information about the LUG
mailing list