Re: [opensuse] Can I ask something...?

On 10/29/2011 12:01 AM, Brian K. White wrote:
On 10/28/2011 12:50 PM, Togan Muftuoglu wrote:

Upgrade is not obligatory, I am running versions back to 11.1 on a daily
basis and some of the are web and mail servers. So you do not have to
update to the new version every 8 months or so

life is endless possibilities and then there is the freedom of choosing




I had done everything but shut off sshd entirely, sinec i need it
myself, but I had disallowed root access, I had deleted all ssh keys and
changed the password, and still they got in. Lucky for me it was just a
script that only wanted to do one thing, execute perl and suck down a
perl script to generate spam. It was running perl, as root, it could
have done _anything_.

Lockdown all first and then let it is my approach. None of my servers
have root enabled for sssh and only allowed groups can log in



You can only do that for just so long after the distro goes off the back
end of the support time frame.

True and they eventually get upgraded but not immediately. My experince
with SuSE and openSUSE has been wait like 6 months after a release so it
polishes itself and start the upgrade based on mission of the server


Luckily this was a 11.2 box, and luckily in this case I already knew
from prior testing on other boxes that it would be ok to just change all
the zypper repos from 11.2 repos (I maintain my own mirrors indefinitely
after they disappear from suse's mirrors) to 11.3 repos, and add the
current openssh devel repo from OBS, and then update openssh from that,
and it pulled in a few other updates from the 11.3 repos and luckily
doesn't screw up the rest of the system.

Same except the mirroring part I use OBS and maintain the software as
necessary



If a box is connected to the internet, you can't actually afford to just
let it get old.

That is true and hence there is evergreen as geriatrics service ;)

Togan


--
To unsubscribe, e-mail: opensuse+unsubscribe@xxxxxxxxxxxx
To contact the owner, e-mail: opensuse+owner@xxxxxxxxxxxx

Relevant Pages

  • Re: Fedora Core brevity vs server upgrades
    ... >> Oh I know some people might say you have no business running servers on ... >> Fedora because the Cores are so short lived and yes, ... > upgrade them to FC4 about two to three weeks after the first big batch ... it from the mirrors and a ton of upgrades. ...
    (Fedora)
  • Re: Looking for FreeBSD Update mirrors for 7.2-RELEASE
    ... traffic as thousands of people tried to upgrade at once. ... How are the servers chosen by freebsd-update? ... The FreeBSD Update mirroring code currently consists of "Colin ... some improvements to that I don't really want to have any more mirrors than ...
    (freebsd-stable)
  • Problems with cvsup.
    ... There are problems with some mirrors of cvsup listed on ... I have one cvsup server for upgrade my servers, and I use these cvsup on ...
    (freebsd-questions)
  • Re: NT4 to Win 03
    ... Easies is to upgrade your existing PDC. ... you have to set the AD domain in Native mode. ... If you upgrade you do not have to set your AD domain in native mode. ... > assume i will install the new 2003 servers one at a time. ...
    (microsoft.public.windows.server.migration)
  • Re: Graphical Interfaces
    ... A sampling of the things that Microsoft has never really understood: ... - You can't reboot servers to install software. ... you can't upgrade anything in less than two years. ... - Internal documentation of software is a good thing, especially for tech support. ...
    (comp.os.linux)