[CentOS] Re: Unexpected FTP Activity
On Fri, 10 Oct 2008 15:59:35 -0400, Filipe Brandenburger wrote: > On Fri, 10 Oct 2008 11:27:45 -0400, Toby Bluhm wrote: >> Is there a reason why you don't want your machine updated? > > On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED wrote: >> Yes indeed! [...] > > On Fri, Oct 10, 2008 at 14:42, Scott Silva > <[EMAIL PROTECTED]> wrote: >> He didn't say he wasn't going to update, > > Yes, he did! :-) > >> he just said he wants to do it on his schedule. Nothing wrong with >> that. As a matter of fact, it is more proper to update when you have >> tested on an enterprise system. > > Agreed, in particular with updates that bump a release (5.1 -> 5.2), I > also do it manually and not automatically. > > However, nowadays I consider updating the system and applying security > patches an essential part of the sysadmin role in a Linux environment. > > Filipe I quote from a previous post by me on this thread: "I do updates, but at times of my choice, and I watch what I get." The reason I am moving from Fedora to Centos is that on a Fedora news group I mentioned that I am interested in reliability and stability. A respondent suggested that in that case, I would be better off with Centos, since Fedora experiments with the latest and greatest, and therefore takes chances that would not be appropriate in an enterprise context. Automatic updates are inconsistent with my objective. I like to comment on my past employment years ago with a large company whose name you would recognize. I maintained control systems whose failure would cost dollars quickly counted in the millions, and could potentially endanger human life. The operating systems on these machines were well understood and long obsolete. A suggestion that they be upgraded would be met with a blank stare. I believe that the implementation of automatic updates would have resulted in dismissal. ): Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Unexpected FTP Activity
Hi, On Fri, Oct 10, 2008 at 17:11, Scott Silva <[EMAIL PROTECTED]> wrote: > But if you cron yum, it can't tell if it is a normal update or a major > release. See my other e-mail on the other thread about setting up a repository mirror. If you do that, *you* control if 5 is 5.1, 5.2 or 5.3 (when it's out). Then you can choose to apply all security fixes automatically (say, weekly?) and still control when your machines are moving from one minor release to the next. HTH, Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unexpected FTP Activity
on 10-10-2008 12:59 PM Filipe Brandenburger spake the following: > On Fri, 10 Oct 2008 11:27:45 -0400, Toby Bluhm wrote: >> Is there a reason why you don't want your machine updated? > > On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED wrote: >> Yes indeed! [...] > > On Fri, Oct 10, 2008 at 14:42, Scott Silva > wrote: >> He didn't say he wasn't going to update, > > Yes, he did! :-) > >> he just said he wants to do it on his >> schedule. Nothing wrong with that. As a matter of fact, it is more proper to >> update when you have tested on an enterprise system. > > Agreed, in particular with updates that bump a release (5.1 -> 5.2), I > also do it manually and not automatically. But if you cron yum, it can't tell if it is a normal update or a major release. Better to monitor the announce list and apply updates at the quickest convenience. I will usually yum update --downloadonly when I am there, and then I can script an update after hours and send a confirming e-mail to my blackberry when it is done. Or I can watch it since the download is usually most of the session time. I have a few less critical systems on auto-update like the 2 servers stuffed with drives as rsync targets. They can be offline for a day if something happens, but the mailservers and the fileservers need to be up EVERY day during business hours or I get unhappy exec's calling me. > > However, nowadays I consider updating the system and applying security > patches an essential part of the sysadmin role in a Linux environment. > > Filipe -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Unexpected FTP Activity
On Fri, 10 Oct 2008 11:27:45 -0400, Toby Bluhm wrote: > Is there a reason why you don't want your machine updated? On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED wrote: > Yes indeed! [...] On Fri, Oct 10, 2008 at 14:42, Scott Silva <[EMAIL PROTECTED]> wrote: > He didn't say he wasn't going to update, Yes, he did! :-) > he just said he wants to do it on his > schedule. Nothing wrong with that. As a matter of fact, it is more proper to > update when you have tested on an enterprise system. Agreed, in particular with updates that bump a release (5.1 -> 5.2), I also do it manually and not automatically. However, nowadays I consider updating the system and applying security patches an essential part of the sysadmin role in a Linux environment. Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unexpected FTP Activity
on 10-10-2008 9:52 AM Filipe Brandenburger spake the following: > On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED > <[EMAIL PROTECTED]> wrote: >> Yes indeed! I do some complicated things, and I can >> do without the wonderful surprises that updates >> sometimes deliver. I do updates, but at times of >> my choice, and I watch what I get. > > Good luck with the wonderful surprises you will have to deal with if > your machine gets compromised while running unpatched vulnerable > software. > > Filipe He didn't say he wasn't going to update, he just said he wants to do it on his schedule. Nothing wrong with that. As a matter of fact, it is more proper to update when you have tested on an enterprise system. -- MailScanner is like deodorant... You hope everybody uses it, and you notice quickly if they don't signature.asc Description: OpenPGP digital signature ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unexpected FTP Activity
On Fri, 10 Oct 2008 12:52:33 -0400, Filipe Brandenburger wrote: > On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED > <[EMAIL PROTECTED]> wrote: >> Yes indeed! I do some complicated things, and I can do without the >> wonderful surprises that updates sometimes deliver. I do updates, but >> at times of my choice, and I watch what I get. > > Good luck with the wonderful surprises you will have to deal with if > your machine gets compromised while running unpatched vulnerable > software. > > Filipe No doubt, what you say is a concern. But I have a very tight firewall, and I take few risks. On Linux systems, in my experience, surprise results from updates have been more of a problem. Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Unexpected FTP Activity
On Fri, Oct 10, 2008 at 12:07, Mike -- EMAIL IGNORED <[EMAIL PROTECTED]> wrote: > Yes indeed! I do some complicated things, and I can > do without the wonderful surprises that updates > sometimes deliver. I do updates, but at times of > my choice, and I watch what I get. Good luck with the wonderful surprises you will have to deal with if your machine gets compromised while running unpatched vulnerable software. Filipe ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unexpected FTP Activity
On Fri, 10 Oct 2008 11:27:45 -0400, Toby Bluhm wrote: > Mike -- EMAIL IGNORED wrote: >> On Fri, 10 Oct 2008 17:03:41 +0200, Ralph Angenendt wrote: >> >> [...] >>> Or it's yum-updatesd in action. >>> >>> Ralph >> [...] >> >> It looks like this is it; I shut it down. > > Is there a reason why you don't want your machine updated? Yes indeed! I do some complicated things, and I can do without the wonderful surprises that updates sometimes deliver. I do updates, but at times of my choice, and I watch what I get. Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Unexpected FTP Activity
Mike -- EMAIL IGNORED wrote: On Fri, 10 Oct 2008 17:03:41 +0200, Ralph Angenendt wrote: [...] Or it's yum-updatesd in action. Ralph [...] It looks like this is it; I shut it down. Is there a reason why you don't want your machine updated? -- tkb ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
Re: [CentOS] Re: Unexpected FTP Activity
On Oct 10, 2008, at 11:17 AM, Mike -- EMAIL IGNORED wrote: Is there any other automatic Internet activity in Centos? ntpd, possibly, if you set it up during firstboot without realizing. -steve -- If this were played upon a stage now, I could condemn it as an improbable fiction. - Fabian, Twelfth Night, III,v ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
[CentOS] Re: Unexpected FTP Activity
On Fri, 10 Oct 2008 17:03:41 +0200, Ralph Angenendt wrote: [...] > > Or it's yum-updatesd in action. > > Ralph [...] It looks like this is it; I shut it down. I don't remember being offered a choice about this on install; maybe I didn't recognize it. I would think it should be made obvious. Is there any other automatic Internet activity in Centos? Thanks, Mike. ___ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos