On 10/29/2011 12:01 AM, Brian K. White wrote:
On 10/28/2011 12:50 PM, Togan Muftuoglu wrote:
Upgrade is not obligatory, I am running versions back to 11.1 on a daily basis and some of the are web and mail servers. So you do not have to update to the new version every 8 months or so
life is endless possibilities and then there is the freedom of choosing
I had done everything but shut off sshd entirely, sinec i need it myself, but I had disallowed root access, I had deleted all ssh keys and changed the password, and still they got in. Lucky for me it was just a script that only wanted to do one thing, execute perl and suck down a perl script to generate spam. It was running perl, as root, it could have done _anything_.
Lockdown all first and then let it is my approach. None of my servers have root enabled for sssh and only allowed groups can log in
You can only do that for just so long after the distro goes off the back end of the support time frame.
True and they eventually get upgraded but not immediately. My experince with SuSE and openSUSE has been wait like 6 months after a release so it polishes itself and start the upgrade based on mission of the server
Luckily this was a 11.2 box, and luckily in this case I already knew from prior testing on other boxes that it would be ok to just change all the zypper repos from 11.2 repos (I maintain my own mirrors indefinitely after they disappear from suse's mirrors) to 11.3 repos, and add the current openssh devel repo from OBS, and then update openssh from that, and it pulled in a few other updates from the 11.3 repos and luckily doesn't screw up the rest of the system.
Same except the mirroring part I use OBS and maintain the software as necessary
If a box is connected to the internet, you can't actually afford to just let it get old.
That is true and hence there is evergreen as geriatrics service ;) Togan -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org