[Gllug] Installing Stuff?
gllug at uncertainty.org.uk
Tue Dec 11 16:08:33 UTC 2001
On Tue, Dec 11, 2001 at 03:34:35PM +0000, Jim Bailey wrote:
> Hi all,
>
> this is my input if people notice glaring errors in my reasoning then
> please let me know as this stuff is quite important.
>
> On Tuesday, December 11, 2001, at 02:07 PM, Ivan Dimitrov wrote:
>
> > you make a habit to check every day freshmeat.net
>
> You also got Bugtraq and the various security sites to keep you updated
> with security issues. Most applications have low traffic mailing lists to
> announce serious security issues and upgrades that way you don't get 500
> emails a day about configuration and installation issues. Subscribe with
> a group alias to deliver them to every member of your IT team and/or
> create a separate folder in your mail client so you can see whether or not
> you have dealt with them.
>
> Alternatively and I am not sure if this is possible without some hacking
> but if you use something like RT, (request tracker, a free GPLed product)
> it comes with Debian and should be available for Red Hat, have the
> security and upgrade mails automatically raise a job which then need to be
> closed down.
hmmm....
I think this is where we divide into full-time-sysadmins and 'others'
personally I don't have time for the above
what I do is keep an eye on bugtraq, get RH mails, keep a local copy of
RH updates and run rpm -F * every now and again (minus kernel stuff
which I do by hand)
but then I don't have public facing systems apart from my firewall.
(I still want to be reasonably secure)
>
> > On Tue, 11 Dec 2001 gllug at uncertainty.org.uk wrote:
> >
> >>
> >>
> >> compiling from source is easy enough and you get full power - but you
> >> have to keep track of any security issues and updates by yourself :(
>
> this is where I find the mix and match option the best I un-comment the
> Debian security option in /etc/apt/sources.list and can run it daily this
> keeps most stuff fairly secure and up to date. I don't think that there
> is an equivalent for Red Hat unless you pay them.
> >>
Debian does keep getting tempting ...
> >> I have yet to find a good way of keeping tabs on the latest releases of
> >> source packages - subscribing to a list per package is a pain.
>
> If you have public facing systems it is a pain you have to live with and
> it is a lot less painful than explaining to your fat meal ticket corporate
> client and the hard faced security consultant they just hired to help sue
> you, why their site has been hacked and defaced by a spotty 14 year old
> using off the shelf software.
also public systems should probably have a lot less junk on them so
there is less to keep track of.
--
Sean