Re: To upgrade or not to upgrade?
> > Normally, I use Linux as an individual workstation offline, with the
> > various daemons running. If I connect it to the Internet using SLIP I kill
> > inetd (which includes telnet, rlogin and stuff), httpd, sendmail and
> > syslogd, and X runs only on a UNIX-domain socket.
>
> KILLING inetd? why not use the blocking options in the tcp wrappers'
> hosts.deny?

this won't block any udp-based processes (like talkd... is the root-break
security problem there fixed in RH4.1? or 4.2?). what i'd suggest instead
is to simply remove any *services* from there that you don't want to run
(come to think of it, i removed almost anything, which makes inetd quite
pointless anyway, EXCEPT for running identd, which is checked by various
programs and might be useful).

in general, when one's paranoid, the best policy is to never run services
you don't want. i'd bet you did forget to kill them sometimes, thus making
your efforts pointless.

> > 4. Apache - basically, I can d-load the source, compile and replace the
> > server binary with the newly compiled one - or can I?
>
> yes, it's that simple. did it 4 times this week.

just watch apache's home page regarding problems when moving from 1.1* to
1.2.0 - regarding specifics of java applets and specifics of specific CGI
programs. most likely not relevant for you, but maybe it is? in any case,
why post here, when you have such extensive info on their official site?

> > 5. Should I download the latest version of sendmail (8.8.6) and compile it?
> > Would I have to somehow rebuild or update my sendmail configuration files,
> > so it won't report that they belong to an older version?
>
> sendmail is a beast, either download RPMs or just stick to what you have
> (you're no attack target, since you are not a stationary server)

actually, sendmail is easy to compile, and with the m4 macros and ready
example files it contains now, not so easy at all to configure..
but, as was written, 8.8.6 is pointless to install if you're using 8.8.5 -
what's the point in 'chasing the numbers' when you can lie down in the sun
and rest? don't be a running tourist - be a resting fisherman...

in fact, maybe someone should make the To-Upgrade-Or-Not-To-Upgrade.HOWTO
once and for all.

guy
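
An added example, not part of the original post: a small Python audit for the advice above to remove unwanted services from inetd.conf instead of killing inetd by hand. The sample file, the `ALLOWED` set and the function names are constructed for illustration, and the classic seven-column inetd.conf layout is assumed.

```python
"""Audit an inetd.conf: list every enabled service outside an allowlist."""

# Constructed sample (not from the post). Columns:
# service  socket-type  proto  wait-flag  user  server-path  [args...]
SAMPLE_INETD_CONF = """\
# constructed sample for illustration
ftp     stream  tcp  nowait  root    /usr/sbin/tcpd       in.ftpd -l -a
telnet  stream  tcp  nowait  root    /usr/sbin/tcpd       in.telnetd
#shell  stream  tcp  nowait  root    /usr/sbin/tcpd       in.rshd
talk    dgram   udp  wait    root    /usr/sbin/in.talkd   in.talkd
ntalk   dgram   udp  wait    root    /usr/sbin/tcpd       in.ntalkd
auth    stream  tcp  nowait  nobody  /usr/sbin/in.identd  in.identd -l -e -o
time    dgram   udp  wait    root    internal
"""

ALLOWED = {"auth"}  # assumption: identd (service name "auth") is all we keep


def parse_inetd(text):
    """Yield one dict per active (uncommented) inetd.conf entry."""
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.split("#", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        fields = line.split()
        if len(fields) < 6:
            raise ValueError(f"line {lineno}: expected >= 6 fields: {raw!r}")
        service, _sock, proto, _wait, user, server = fields[:6]
        yield {"line": lineno, "service": service, "proto": proto,
               "user": user, "via_tcpd": server.endswith("/tcpd")}


def audit(text, allowed=ALLOWED):
    """Return (line, service, notes) for each enabled, non-allowlisted entry."""
    findings = []
    for entry in parse_inetd(text):
        if entry["service"] in allowed:
            continue
        notes = []
        if entry["proto"].startswith("udp"):
            notes.append("udp")
        if not entry["via_tcpd"]:
            notes.append("not started via tcpd")  # tcpd never sees this entry
        if entry["user"] == "root":
            notes.append("runs as root")
        findings.append((entry["line"], entry["service"], notes))
    return findings


if __name__ == "__main__":
    for line, service, notes in audit(SAMPLE_INETD_CONF):
        print(f"line {line}: {service} is enabled ({', '.join(notes)})")
```

To check a real system, pass the contents of its inetd.conf to `audit()`; an empty result means only the allowlisted services remain enabled.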