Mailinglist Archive: opensuse (714 mails)

Re: [opensuse] Can I ask something...?
On 10/28/2011 12:50 PM, Togan Muftuoglu wrote:
On 10/28/2011 06:42 PM, Linux Tyro wrote:
On Fri, Oct 28, 2011 at 9:09 PM, Robert Schweikert<rjschwei@xxxxxxxx> wrote:

ok. Well, I just wanted to ask if the new release period could be
increased (just a suggestion) from 8 months to something like a year,
so that we (not from technical side) can all have a good grasp at the
OS/distro, can know something about it before any new thing comes into the
picture... However, it's just a question of 'if' this is a possibility
or not...!

Upgrade is not obligatory, I am running versions back to 11.1 on a daily
basis and some of them are web and mail servers. So you do not have to
update to the new version every 8 months or so.

life is endless possibilities and then there is the freedom of choosing

Togan


Then again I just spent a few days fighting with some hacker's script that somehow manages to get _ROOT ACCESS_ to a few of my opensuse 11.2 machines, due apparently to a weakness in openssh.

I had done everything but shut off sshd entirely, since I need it myself, but I had disallowed root access, I had deleted all ssh keys and changed the password, and still they got in. Lucky for me it was just a script that only wanted to do one thing, execute perl and suck down a perl script to generate spam. It was running perl, as root, it could have done _anything_.

I captured forensic data by replacing the perl binary with a shell script that copied the environment and stdin to unique files and then ran the real perl binary and that's the only way I was able to see what perl script was being run. It never used a temp file, just received everything from stdin.

I could have firewalled the IP, but there were multiple IPs and I know with scripts like these, there would be many other possible IPs where the same form of attack would come from.

My only way to save this server, and still have ssh, was to upgrade ssh to the latest version, or at least whatever version fixed whatever weakness this script was exploiting. I only know that upgrading to latest stopped him cold.

You can only do that for just so long after the distro goes off the back end of the support time frame.

Luckily this was an 11.2 box, and luckily in this case I already knew from prior testing on other boxes that it would be ok to just change all the zypper repos from 11.2 repos (I maintain my own mirrors indefinitely after they disappear from suse's mirrors) to 11.3 repos, and add the current openssh devel repo from OBS, and then update openssh from that, and it pulled in a few other updates from the 11.3 repos and luckily doesn't screw up the rest of the system.

If a box is connected to the internet, you can't actually afford to just let it get old.

--
bkw
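
The capture approach described in the message above (putting a logging wrapper in place of the interpreter so that a script arriving only on stdin is preserved), as an added example; it is not the poster's script. The paths, the capture layout and the name `capture_and_run` are assumptions.

```shell
#!/bin/sh
# Added example: logging wrapper installed under an interpreter's original name.
# Assumptions (not from the post): both paths below, the capture layout, and
# that the real binary was first moved aside to REAL_BIN.
REAL_BIN="${REAL_BIN:-/usr/bin/perl.real}"
LOG_DIR="${LOG_DIR:-/var/log/perl-capture}"

capture_and_run() {
    old_umask=$(umask)
    umask 077                      # captures can contain credentials
    mkdir -p "$LOG_DIR" || return 126
    # One unique, unguessable directory per invocation.
    cap=$(mktemp -d "$LOG_DIR/$(date -u +%Y%m%dT%H%M%SZ).$$.XXXXXX") || return 126
    env > "$cap/env"               # environment as the caller set it
    printf '%s\n' "$@" > "$cap/argv"   # one argument per line
    if [ -t 0 ]; then
        umask "$old_umask"
        "$REAL_BIN" "$@"           # interactive: no piped input to record
    else
        # Save stdin completely, then replay it, so a script that is only
        # ever piped in (never written to disk) is still preserved.
        cat > "$cap/stdin"
        umask "$old_umask"
        "$REAL_BIN" "$@" < "$cap/stdin"
    fi
}
# The installed wrapper ends with:  capture_and_run "$@"
```

Because stdin is read to end-of-file before the real binary starts, a caller that streams input interactively will see a delay; the exit status returned is that of the real binary.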