Noooooooooooooooooooooooooooooooooo


Red Squirrel

If you think that running the latest packages alone is enough to stop someone from exploiting a known, vulnerable kernel once inside ...

Huh? So they have to already be in to exploit something? That does not really make sense.

Anyways, I will admit I'm far from a Linux expert. Yum update is about all I know as far as updating stuff, or following specific instructions when a major exploit comes out like Heartbleed where something may have to be manually done. Recompiling kernels and doing other advanced stuff is beyond my scope and it's not something I'd want to risk on a production box anyway. I'd like to learn more about it one of these days but it's not a priority. I would imagine 99% of other web servers are managed the same way. Run updates regularly, restart services and that's pretty much it. It's just a web server hosting a few websites, email and DNS, not health records. If someone did manage to deface one of my sites I would look into it further and deal with it. I had a few sites defaced a long time ago on a shared host but it was due to a specific issue with the PHP code. Kernel updates aren't gonna help there.


Pretty much sums up what my reaction was. :biggrin:
 

RossMAN

This forum needs a :psyduck: emoticon.

Do tell me more in detail about this 'Windows stuff' please. I am all ears.

What web server software are you running? Willing to bet that it's been problem free for the last 3 years?

You can update packages all you want, your kernel does *not* get updated unless you reboot or ksplice it live, period. Your packages do but as SunnyD already mentioned, that's only a partial win in some cases. The Linux kernel has had at least 455 public CVEs posted since you last rebooted your server. While it's true an RCE vuln via the kernel alone is rare, there is so much attack surface in your scenario it's mind boggling. If you think that running the latest packages alone is enough to stop someone from exploiting a known, vulnerable kernel once inside, you've got bigger problems than thinking anyone gives a dusty fuck about your uptime. All that means is it's an easier target to pick off. This isn't 1996.

Anyway, keep doing what you're doing, you're ensuring a lifetime of ample, high paying work for people. ;)

Nerd cock fight, who has the mightier sword? :eek:
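
An added example, not part of any post in this thread: a check for the situation argued about above, where `yum update` has put a newer kernel on disk but the host is still running the old one because it was never rebooted. It assumes an RPM-based host; the function names, sample versions and install timestamps are constructed for illustration, and it treats the most recently installed kernel package as the newest.

```shell
#!/bin/sh
# Added example: flag a host that is patched on disk but still running an
# older kernel in memory. Function names here are hypothetical.

# Constructed sample of the output of:
#   rpm -q kernel --qf '%{INSTALLTIME} %{VERSION}-%{RELEASE}.%{ARCH}\n'
SAMPLE_INSTALLED='1402000000 3.10.0-123.el7.x86_64
1447000000 3.10.0-229.20.1.el7.x86_64
1425000000 3.10.0-229.el7.x86_64'

# latest_installed: stdin is "<install-epoch> <version>" lines; prints the
# version with the newest install time (assumed to be the newest kernel).
latest_installed() {
    sort -n -k1,1 | tail -n 1 | cut -d' ' -f2
}

# pending_days NOW_EPOCH: same stdin; prints the whole days the latest
# kernel package has been sitting on disk.
pending_days() {
    sort -n -k1,1 | tail -n 1 |
        awk -v now="$1" '{ print int((now - $1) / 86400) }'
}

# check_kernel RUNNING NOW_EPOCH INSTALLED_LINES
# Prints a one-line verdict; returns 1 when a reboot is pending.
check_kernel() {
    latest=$(printf '%s\n' "$3" | latest_installed)
    if [ "$1" = "$latest" ]; then
        echo "OK: running $1, which is the latest installed kernel"
        return 0
    fi
    days=$(printf '%s\n' "$3" | pending_days "$2")
    echo "STALE: running $1, but $latest was installed $days days ago; reboot or live-patch to load it"
    return 1
}

# Live use on an RPM-based host: sh kernel_check.sh --live
if [ "${1:-}" = "--live" ]; then
    check_kernel "$(uname -r)" "$(date +%s)" \
        "$(rpm -q kernel --qf '%{INSTALLTIME} %{VERSION}-%{RELEASE}.%{ARCH}\n')"
fi
```

With `--live` the script exits non-zero when a reboot is pending, so it can be dropped into cron or a monitoring check.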