[lug] Ancient RH box hacked, which packages must be updated?
Daniel Miller
dan.miller at usu.edu
Fri Mar 26 00:53:18 MST 2004
On Thu, 25 Mar 2004 17:20:18 -0700
Bear Giles <bgiles at coyotesong.com> wrote:
> My company is in the process of migrating from an ancient
> RH server to a current RHE or Debian box, but in the
> meanwhile somebody has hacked our box. Does anyone know
> which packages *must* be updated because of known
> exploits, or should we consider it a lost cause and put
> all of our effort into migrating to the new platform?
>
Seems like the consensus on the list is for you to
reinstall/rebuild. I can see that in most cases that's what
you would want to do, but there are certainly situations
where that's not a possibility (PRODUCTION SYSTEM). It seems
that you are under this latter situation.
The only thing I can recommend would be getting the security
updates from Progeny. I believe they are trustworthy enough
and know enough about Red Hat distributions to make good
RPMS. It is $5 per month per machine. If this is only one
machine and you just need it for a few more weeks then maybe
it's worth the $5.
Website: http://transition.progeny.com/
> I'm not even sure which version of RH we're running -
> maybe 6?
>
That service looks like it only covers RH 7.2, 7.3, and 8.0
on x86 only. So you may be SOL for version 6. I did a
couple searches with Google on this as I remember there was
more than just Progeny that was planning on providing
security updates at a price. For the life of me I was
unable to find anyone else. Maybe your search will turn up
more.
<Snip>
>
> Bear
Daniel Miller