Linux - SecurityThis forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Does anyone know of or heard of the automatic update service of Redhat up2date being a security issue. I did not install this service on my firewall and generally download the updates from Redhat from a machine inside the network, ftp them onto the firewall and install the updates. I am thinking of putting the up2date service on the firewall.
I have just recently started my search for an answer to the exact same question. I want my installation to be current, but I don't want to jeopardize the security of it to get there. I do not know the security issues involved with running up2date and rhn.
Not any issues I know of if you install the latest packages, but since this is a single-purpose box (w/o any network daemons running on it RIGHT?) it shouldn't have that many packages installed. You need it 24/7 w/o glitches, I'd say if you got the time, go for manual. If you do use up2date make sure you never ever automagically update crucial stuff like the kernel or glibc.
As far as I know I only installed the minimum packages. I am not 100 percent sure which daemons constitute all of the "network daemons' however there are no services running open to the Internet. i.e. Apache, ssh, telnet, ftp. When I need to ftp the upgrade rpm's onto the firewall/router, it is necessary for me to go into xinetd.d and turn the wu-ftpd service on. (only open to the internal network). I then turn it off again and restart xinetd. Kinda the long way to do things This box does hand IP's to the internal network though. Did I mention I am a newbie
When I need to ftp the upgrade rpm's onto the firewall/router, it is necessary for me to go into xinetd.d and turn the wu-ftpd service on. (only open to the internal network). I then turn it off again and restart xinetd.
Or run OpenSSH and just scp the data over. OpenSSH comes in handy as well when you need to be on the box for other reasons as well I'd say. Just make sure you log in as regular user and sudo to root.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.
