[PLUG] Joe Jobbed
Aaron Burt
aaron at bavariati.org
Tue Oct 9 16:25:43 UTC 2007
On Mon, Oct 08, 2007 at 08:20:21PM -0700, Ronald Chmara wrote:
> On Oct 8, 2007, at 11:06 AM, Aaron Burt wrote:
> > On Fri, Oct 05, 2007 at 08:11:07PM -0700, Ronald Chmara wrote:
> >> I blame lazy distros, who don't keep on top of security (Cent,
> >> Debian, Ubuntu, RHEL... the whole lot of 'em are to blame).
> > What makes you say that?
>
> Because every vendor-driven package manager I've used lately is 1-24
> months behind the latest security and stability fixes for some (or in
> a few cases, many) of its packages.

Really? Do you have specific and significant examples that you could
warn us about? Name 'n' shame is the security game.

And how do *you* deal with it? Does it work for an admin who's
time-poor, needs to automate tasks and handles many hosts?

I admit I don't have a whole lot of years as a sysadmin, and I've only
had to manage a handful of critical infrastructure hosts at the same
time, with only a few other co-sysadmins, but I've certainly come to
appreciate distribution packages and updates, and careful
version-control of packages and config files.
<snip kernel vulns>
> I dunno what the metric for "rare" is, but if we don't find any more
> remote vulns this year, that's an average of a new remotely
> exploitable kernel vuln every 2 months, or, since we're in October,
> that's an average of two new kernel vulns (20/10) found every month.

Sorry, I couldn't be arsed to patch together a 4-line wrapped URL. Were
those potential 'sploits or actual ones with usable exploit code? I'll
admit that one's firewalls can stand to have lots of reboots, but
production hosts should be well protected and if so, can stand to have
nice long uptimes and lots of nines after their availability numbers.
Those nines look awfully nice when one is justifying one's job, salary
and/or budget to Those Who Sign The Checks.
> I'll gladly buy you a version of the package beer-0.1a-116987121.rpm
> (an early teaspoon version of beer that was actually patched up to
> being to a full beer).

Budweiser? I'll pass. ;)

--
I only have human stupidity (other people's, that is) to make the case
for my wages. And the sad thing is, human stupidity is proving well and
truly up to the task. -- Omri Schwarz in the Monastery