Hello, Am Mittwoch, 19. Juni 2019, 12:01:19 CEST schrieb Karol Babioch:
minnie (saltmaster):~ # salt '*' cmd.run 'sysctl net.ipv4.tcp_sack=0' --out=text >/root/tcp_sack-fix.txt This is a mitigation for the latest vulnerabilities in the TCP stack of Linux. Machines will still need to be updated and rebooted to
Martin and me run the following command on "minnie" (the salt master): properly (and persistently) fix the issue.
I installed the kernel update on several VMs that I maintain or at least know good enough, and also on those that have the reboot_safe flag set to "yes" in salt. There are still about 30 servers that need a kernel update. I put a list to /tmp/kernel-updates-2019-06-19 on minnie.infra.o.o (writeable for everybody with VPN access, so feel free to update it after updating "your" servers ;-) (Note: the monitoring does the update check only once per day, and therefore still shows more servers as needing the update.) If you are lazy, please update the reboot_safe flag in salt pillar/id/ for your servers and you'll probably get future kernel updates done "for free" ;-) Regards, Christian Boltz -- I've not had any luck reading the manpage and making SWAGs (Scientific Wild Ass Guesses - Trademark -- Amdahl Corporation). [Sid Boyce in opensuse-factory] -- To unsubscribe, e-mail: heroes+unsubscribe@opensuse.org To contact the owner, e-mail: heroes+owner@opensuse.org