[lug] Ancient RH box hacked, which packages must be updated?

Bill Gjestvang bill at uncultured.org
Fri Mar 26 10:57:26 MST 2004


Seems like a good time to suggest running a distro where you trust the
upgrade system enough to be able to put auto-updates into cron.  If you
don't trust the updates to run from cron, you could at least put in a
script that checks for updates and lets you know they're available. 
Another good idea is to subscribe to the security announce list of any
distros you're using.
I'd say the 3 best (most basic?) ways to keep your systems secure are:
(1) Apply updates regularly.
(2) Disable services you aren't using.
(3) Use strong passwords, change them occasionally, and don't send them
plaintext over the network.
Pretty much all my systems have daily updates running from cron.  For
servers, I've had great luck with Debian's apt-get, especially running the
stable version.  Even running testing or unstable, where the updates are
still pretty reliable, apt-get will generally complain rather than break
your system.
I've had mixed results with RedHat, particularly on desktop systems where
I'm pulling in a lot of 3rd party packages.  I had an official glibc
update not too long ago that I had to revert until I could straighten my
box out.
Anybody else have any auto-update or related experiences to share?

-Bill Gjestvang
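As an added illustration of the "script that checks for updates and lets you know they're available" idea above (this is example code, not something from the original post or from the list), here is a cron-friendly check for a Debian/apt host. It assumes `apt-get` is present, that `apt-get -s upgrade` prints one `Inst <package> ...` line per planned upgrade, and that a sendmail-style mailer exists at /usr/sbin/sendmail; the sample simulation output embedded in the script is constructed for a self-check, not captured from a real machine.

```shell
#!/bin/sh
# Cron-friendly "updates are pending" notifier for a Debian/apt host.
# Added example; assumes apt-get and /usr/sbin/sendmail exist on the host.
# Suggested crontab entry (assumed path):
#   0 6 * * * root /usr/local/sbin/check-updates.sh --run

# Read `apt-get -s upgrade` output (simulation mode, nothing is changed)
# from stdin and print the name of every package that would be upgraded.
# Each planned upgrade is reported as a line beginning "Inst <pkg> ...".
pending_from_simulation() {
    awk '$1 == "Inst" { print $2 }'
}

# Count pending upgrades in simulation output read from stdin.
count_pending() {
    pending_from_simulation | wc -l | tr -d ' '
}

# Constructed sample of apt-get -s upgrade output (versions are made up),
# used only for the self-check below.
SAMPLE_SIM='Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  libc6 openssh-server
2 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libc6 [1.0-1] (1.0-2 Debian:stable)
Inst openssh-server [1.0-1] (1.0-2 Debian-Security:stable/updates)
Conf libc6 (1.0-2 Debian:stable)
Conf openssh-server (1.0-2 Debian-Security:stable/updates)'

# Run the parser over the constructed sample; prints "2".
self_check() {
    printf '%s\n' "$SAMPLE_SIM" | count_pending
}

# Live check: refresh package lists, simulate the upgrade, and mail the
# list of pending packages to root when there are any. Always exits 0 so
# cron does not report "updates available" as a job failure.
check_and_notify() {
    apt-get -qq update >/dev/null 2>&1 || true
    sim=$(apt-get -s upgrade 2>/dev/null) || true
    n=$(printf '%s\n' "$sim" | count_pending)
    if [ "$n" -gt 0 ]; then
        {
            echo "Subject: $(hostname): $n package update(s) pending"
            echo
            printf '%s\n' "$sim" | pending_from_simulation
        } | /usr/sbin/sendmail root
    fi
    return 0
}

# The live check only runs when explicitly asked for with --run, so the
# script can be sourced or self-tested on a machine without apt-get.
if [ "${1:-}" = "--run" ] && command -v apt-get >/dev/null 2>&1; then
    check_and_notify
fi
```

Simulation mode is the point of the design: the script never installs anything, it only reports, which is the middle ground Bill describes for people who do not want `apt-get upgrade` itself running unattended from cron.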

Lee Woodworth said:
> On 25 Mar 2004 at 17:20, Bear Giles wrote:
>
>> My company is in the process of migrating from an ancient RH
>> server to a current RHE or Debian box, but in the meanwhile
>> somebody has hacked our box.  Does anyone know which packages
>> *must* be updated because of known exploits, or should we consider
>>   it a lost cause and put all of our effort into migrating to the
>> new platform?
>
> I know that 2 years ago a secondary-DNS server in Golden was
> hacked. The box was running RH6 with an old SSH. The hack was
> through SSH. IIRC there was some weakness in version 1 of the
> protocol and the RH6 sshd only supported version 1.