Re: Centos / Redhat announcement and Scientific Linux update
On Wed, 8 Jan 2014, Connie Sieh wrote: We are in the process of researching/evaluating this news and how it impacts Scientific Linux. -Connie Sieh -- Update on Scientific Linux On January 7, Red Hat and CentOS announced that they joined forces (http://www.centos.org). Since Scientific Linux relies on Red Hat Enterprise Linux source code, this is of great interest to the Scientific Linux project. We have been learning more about their plans and considering the possibilities for Scientific Linux. We've had conversations with CentOS and Red Hat, and between Fermilab and CERN. We plan further discussions with these groups and also with other contributors to and users of Scientific Linux. No final decisions have been made, but we can provide an update on our thoughts so far. Fermilab and CERN remain committed to the original goal of Scientific Linux: providing a stable, well-supported, open-source platform which meets the needs of high-energy physics experiments. The fact that this platform is used by people outside of that community is something we appreciate and will be a factor in any decisions going forward. There are still many questions to pursue as the details of CentOS Special Interest Groups continue to evolve. The anticipated release of Red Hat Enterprise Linux 7 presents an opportunity to consider forming/joining a CentOS Special Interest Group (http://www.centos.org/about/governance/sigs/) and producing Scientific Linux 7 as a CentOS variant (http://www.centos.org/variants/). The variant structure may allow greater flexibility in adapting the distribution to scientific needs. The framework and relationship structure of CentOS Special Interest Groups is still under heavy discussion on the CentOS development list. This is only being evaluated for Scientific Linux version 7. Security and other updates for the current Scientific Linux versions 5 and 6 will continue uninterrupted. We expect the process for SL 5 and 6 support to remain essentially the same, with the only substantive change being that source code will come from centos.org rather than redhat.com. We expect this change to be transparent to all users. There will be many more details to fill in, and we'll try to keep everyone in the Scientific Linux community informed as we continue to explore the options the Red Hat / CentOS partnership presents. -Connie Sieh
Re: NTP DOS issue?
On 29 Jan 2014, at 09:52, John Rowe wrote: > I've been warned that my SL 5.9 machine is potentially vulnerable to the > recently announced DOS attack. As far as I can see both my 5.9 and 6x > machines are running vulnerable versions, am I missing something or are > we vulnerable? Have a look at these two pages: https://cert.litnet.lt/en/docs/ntp-distributed-reflection-dos-attacks https://access.redhat.com/site/documentation/en-US/Red_Hat_Enterprise_Linux/6/html/Deployment_Guide/s2_Configure_Rate_Limiting_Access_to_an_NTP_service.html I don't know if the fix has been back ported to EL or not (use the test in the first article to check) - if someone has warned you that you are vulnerable, the best option is to rate limit NTP clients. Even if the fix has been back ported, rate limiting is still a good thing to do. Regards, Adam Bishop gpg: 0x6609D460 Janet, the UK's research and education network. Janet(UK) is a trading name of Jisc Collections and Janet Limited, a not-for-profit company which is registered in England under No. 2881024 and whose Registered Office is at Lumen House, Library Avenue, Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238
NTP DOS issue?
I've been warned that my SL 5.9 machine is potentially vulnerable to the recently announced DOS attack. As far as I can see both my 5.9 and 6x machines are running vulnerable versions, am I missing something or are we vulnerable? John