[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: RedHat 7 distribution cds



On Wed, Mar 07, 2001, Hetz Ben Hemo wrote about "Re: RedHat 7 distribution cds":
> Pinchas,
> 
> If you can - wait for Redhat 7.1 - which will go out next month. You can 
> install RH 7 today, but you'll have to upgrade lots of RPM's...
> 
> Hetz

I know I already said this before, but it's probably worth repeating.

Installing Redhat 7 (or Redhat 6.2, or Madrake, or Debian, or anything older
than one month), without installing all the updates is the computer-security
equivalent of suicide. A computer we installed on @home (an American network)
with an updated Redhat 7 gets several crack attempts per day (!) to the
portmapper, printer port, etc., that were crackable in Redhat 6.2 (and if
I remember correctly, some of them were also crackable in an unupdated
Redhat 7).

So when you get a relatively old distribution (say, over one month), make
sure the same person also gives you all the current updates; downloading it
all yourself from the Internet can be a real pain (Redhat 7 security updates
now are over 100MB, although certainly some are much more important than
others), and connecting to the Internet without doing these updates is as
wise as going to a Linux convention wearing an "I Love Microsoft" T-shirt :)

Hopefully the next version of Redhat will have much fewer services running
by default. Most people who got cracked with the portmapper or lprng holes
never intended to use these services, much less export them to the entire
Internet (the first is needed for exporting NFS file systems, and the second
for letting other people print on your printer).

Use the ipchains, Luke!


-- 
Nadav Har'El                        |      Wednesday, Mar 7 2001, 12 Adar 5761
nyh@math.technion.ac.il             |-----------------------------------------
Phone: +972-53-245868, ICQ 13349191 |If God is watching us, the least we can
http://nadav.harel.org.il           |do is be entertaining.

=================================================================
To unsubscribe, send mail to linux-il-request@linux.org.il with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail linux-il-request@linux.org.il