On Mon, 2002-05-06 at 17:43, Glen Lee Edwards wrote:
<snip>
> As for Red Hat's role in this, they are culpable on one count - since I now
> have my own subnet, I always upgrade my systems with the new releases.  However,
> they have decided that most of us are rich, and that no one uses 486s and PIs
> anymore.  Two thirds of my boxes have 16 MB RAM and can't install the current
> releases.  One key reason why I was hacked is because I couldn't upgrade those
> boxes.  So don't tell me that I'm solely responsible here.
> 

Glen-

FYI, Red Hat continues to provide security updates to at least 6.2; not
sure about earlier releases.  Even after this rather lengthy thread, we
don't really know what was done to gain access to your box.  Was it
unneeded / misconfigured services?  Was it running a known exploitable
version of a needed service?  Was it running an inherently insecure
service like telnet, with you logging in as root and someone sniffing your
password?  (Probably not the last one, IMHO.)

I was hacked at my home firewall (RH 6.2) the day after I got my DSL
connection here, because I left sendmail active and there was a known
exploit for it.  BTW, I did not even need sendmail on the box.  FWIW, it
is still a RH 6.2 install but fairly secure at this point.  At least no
issues for over a year constantly connected, with many, many scans and
various attempts daily.

I think RH has done a good job keeping security related issues fixed for
this version.  If they are culpable in anything it is by not issuing
openssh rpms for it since it was not included in the original distro.

While I would stop short of saying that you are a menace or whatever
the other poster called you, I do think that there is an inherent
responsibility for everyone connecting a box to the net.  Red Hat has come a
long way in making the default installation much more secure in later
releases; 6.2 was a bit behind the curve in that regard.

You seem to have at least some regard for these issues since you do,
after all, subscribe to this list and participate.  That requires a
pretty good deal of commitment.  There is, however, a tone to your posts
from which I infer the following:

Security is hard
RedHat does not make it easy.
Therefore I am not going to worry about it.

This is not entirely fair, since you have gone out of your way to find a
way to install 7.2 on a low-resource box.  You get big points for that
in my opinion.  However, assuming that upgrading will fix a lax attitude
to security issues means that I expect a post in the near future
with the same subject as this thread.  You need to upgrade
the packages from the Red Hat FTP site or your favorite mirror, or you
WILL have problems.


I apologize for the apparently pointless ramblings, but this is the third
time I have sat down at my computer while writing this.

Bret



_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list