[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: AW: [cobalt-security] RaQ3-All-Kernel-4.0.1-2.216C24III.pkg
- Subject: Re: AW: [cobalt-security] RaQ3-All-Kernel-4.0.1-2.216C24III.pkg
- From: Bill Irwin <bill_irwin@xxxxxxxx>
- Date: Fri, 08 Jun 2001 09:48:50 -0400
- List-id: Mailing list for users to address network security on Cobalt products. <cobalt-security.list.cobalt.com>
Folks,
As I've stated before any non-authorized rpm's you install which modify
the kernel in anyway will cause problems with the kernel upgrade. The
kernel upgrade *assumes* an unmodified kernel from the standpoint of all
our upgrades and OS releases. If you add Java Servelets or add an Apache
upgrade, there will be likely consequences to these actions. This is the
BIGGEST reason we don't support the servers after users have modify the
servers in such a way and its explicitly stated as such in our warranty.
You are free to modify the server however you see fit, after all its
your server. It's just we may not be able to assist you in fixing any
problems that may occur. Also as some of you have found out, it may cast
some money to get the problem fixed and your server restored to working
condition.
Rob van Eijk wrote:
>
> Check their website first...
>
> >Warning for all 4WebSpace.com users:
> Users should not install the Cobalt Kernel update
> 4.0.1 on their RaQ 3 servers. It can cause serious problems with the
> servers, including sending them into infinite rebooting loops.
>
> --
> MCG,
> Rob van Eijk
>
> -----Ursprüngliche Nachricht-----
> Von: cobalt-security-admin@xxxxxxxxxxxxxxx
> [mailto:cobalt-security-admin@xxxxxxxxxxxxxxx]Im Auftrag von Ken Reilly
> Gesendet: vrijdag 1 juni 2001 8:16
> An: cobalt-security@xxxxxxxxxxxxxxx
> Betreff: [cobalt-security] RaQ3-All-Kernel-4.0.1-2.216C24III.pkg
>
> To: Bill Irwin
> Technical Support Engineer
> RE: http://list.cobalt.com/pipermail/cobalt-security/2001-May/001891.html
> Raq3 caught in a reboot loop after Kernel 4.0.1 update
>
> I have two Raq3s. One with CommuniTech.net (CT) and one with 4WebSpace
> (4WS). I always add patches to my 4WS Raq, and let it run for a few days
> before I patch my other Raq at CT. After applying the kernel update 4.0.1,
> my Raq3 was caught in a continual reboot according to 4WS support. They told
> me that they rebooted to the ROM kernel, and everything is running just
> fine, but I need to do a complete reload of my Raq3 otherwise every time I
> reboot, it will get caught in the loop again.
>
> Is there any chance that I can just reverse the patch, and not go through
> the time, effort and cost of a reload? If not, what are the security risks,
> or differences in running off of the ROM kernel for more than a few days
> before I reload the machine?
>
> Below is the information you requested (dated May 1st)
> =============================
> 1 what was installed (ie, third party stuff)
> =============================
> List of security apps installed
> 1. LogCheck
> 2. PortSentry
> 3. Chkrootkit
> 4. SSH from ssh.com not OpenSSH
> 5. PM Firewall install for IP Chains, but it is not running (upgraded IP
> chains via RPM)
>
> Other apps installed (a few months ago)
> 1. Webalizer 1.3 via Cobalt pkg, later uninstalled
> 2. Webalizer Raq3iRelease 2.00.12-2. A pkg that was announced on the user
> list
> 3. ApacheJServ (Apache-Java Servlet Engine) for Cobalt i386Release 1.1-1
> (pkg from Cobalt)
> 3a. Open Source JSDK for Cobalt i386 Release 1.1-1 (pkg from Cobalt)
> The Java packages didn?t seem to work. They were installed months ago.
> 4. RaQ3-all-CMU Release 1.1-22
> 5. Urchin for Raq was installed a few months ago, and uninstalled after the
> 30 day trial.
>
> Security apps were installed from source (my Raq3 at CT was hacked through
> Bind a couple months ago and had to be reloaded). Other apps were all pkg
> files. I don?t have PHP, MySQL or any of the other popular apps installed.
> They are somewhere far down my ?to do? list.
>
> ===================================
> 2 what patches you had installed prior to install?
> ===================================
> I usually wait a couple months before applying patches, for this exact
> reason.
> Both of my Raq3s were running fine for the past couple months with all
> patches up to and including the vixie-cron Update 4.0.1. I had some error
> messages ?zcat: stdout: Broken pipe? from the cron.daily after the vixie
> update, but nothing major. There was a post on how to fix the error message,
> and it had to do with recreating the crond link entries. This fixed the
> problem.
>
> Then on May 28th, I first applied 3 patches.
> 1. Security: Backup Update 4.0.1
> 2. Security: URL Attack Exposure 4.0.1 and
> 3. Update: RPM 4.0.1
>
> I then rebooted, because after 3 patches I wanted to make sure the server
> was OK before applying a kernel update. The server came up just fine, so I
> continued to apply the kernel update.
> 4. Kernel update 4.0.1
>
> After reboot, I was unable to access my server until 4WS support booted of
> the ROM kernel.
>
> ======================
> 3 Any hardware upgrades, etc
> ======================
> I lease the dedicated Raq3 from 4WS, so I?m not aware of any hardware
> upgrades besides the memory upgrade from 32 to 128 that I paid for when I
> first got my server.
>
> Please reply to the first couple questions regarding a complete server
> reload. I would rather not go through the expense of a reload if I don?t
> have to. The server has been running just fine for almost a week, but I can?
> t reboot.
>
> Feel free to contact me if you have any questions or comments.
>
> Thanks,
> Ken Reilly
> ken@xxxxxxxxx
> Phone (651) 329-7711
> Toll Free 1(877) 435-5416
> Fax 1(877) 794-0612
> http://www.ryron.com
>
> _______________________________________________
> cobalt-security mailing list
> cobalt-security@xxxxxxxxxxxxxxx
> http://list.cobalt.com/mailman/listinfo/cobalt-security
--
Bill Irwin
Technical Support Engineer
Sun Microsystems, Inc.