
Re: [cobalt-security] Upgrade Path {Newbie Help}?



> My system was hacked and I have restored it using
> P/N 960-RAQ30101AU
>
> Is this the most current release?

I don't know offhand. Regardless of whether it is or not, you still need to
follow the next step.

> Are there any other security patches that need to be applied?

Definitely. Go to Cobalt.com > Support > Downloads and choose your product
from the list. You'll get a page full of downloadable updates. To find which
ones you should install:

On your RaQ, go to Maintenance > Install Software. See that list of
installed updates? It will roughly correspond with the list on the Cobalt
page. Find the last update your RaQ has on the Cobalt list, and install
everything ABOVE it on the list.

> How do I know when it is time to upgrade my OS?

Subscribe to the cobalt-announce mailing list. It's also a good idea to
check the Cobalt site manually about once a week for new packages. There's a
script available that automatically checks for updates and installs them,
but that's probably not a good idea since Cobalt has a habit of posting
updates before they've been thoroughly tested.  A bad patch was posted just
last week. Watch the lists for reports of troubles with upgrades before you
install them.

> Can upgrades be applied using the "Install Software" feature of the
> Cobalt U/I or does one need to learn UNIX?

Yes, just like I explained above. And yes, you need to learn some UNIX to
keep your box from being hacked. I'd recommend "linux server administration"
by Stanfield/Smith as a primer, and "real world linux security" by Toxen as
a security primer. There are several folks on the list who will be glad to
do the dirty work for you at rates from $25/hr to $125/hr. Ask for a
referral if you need it. But I'd STILL read the books... Unfortunately,
keeping your RaQ happy isn't quite as easy as the marketing literature led
you to believe.

> I am primarily a Mac user, am I totally hosed?  Do I need to sign-up
> for a Unix sysadmin course?

I've only been on this list for a month and I'm starting to get the hang of
it. Two weeks ago I was clueless about Linux. A course would jumpstart your
learning, but there's no reason you can't figure it all out with those
books, lurking on the list (I read almost every post every day... ) and
getting into your box and playing around.

> I couldn't get anyone at Sun to answer these questions.  I'm sorry if
> this is the wrong list.

Marginal, but close enough. No problem!

You didn't ask but here's what I'd do:

1) Read the books
2) Read the lists (security, users, and maybe even developers down the road)
3) SEARCH THE ARCHIVES. Tons of info there on every issue.
4) Did you know that you can upgrade your RaQ3 to a RaQ4 just by using the
RaQ4 restore CD? Caution: that would be a violation of your license
agreement and I strongly suggest you NOT do it for that reason. But I think
it's an interesting bit of trivia.     ;)
5) If you have clients on your machine, go ahead and hire someone to secure
your box short term. No sense taking a risk with your customers.
6a) You'll need to disable telnet. Telnet is bad. Use SSH instead; there's a
PKG available. (Search for OpenSSH or look at http://pkg.nl.cobalt.com.) Be
careful: just un-checking the box on the control panel page doesn't always
work. You may have to un-check the box and reboot; that's the only way I
could get telnet on my 4i to truly stop.
6b) Use SSL (HTTPS) to admin your box instead of plain HTTP. The manual
tells you how to generate a self-signed certificate, that will work fine
short term. You may want to purchase a Thawte certificate long term if your
customers are using the site admin pages.
7) Update your machine with all of the patches from Sun
8) Look for HOWTO's on installing security software like IPCHAINS, TRIPWIRE,
PORTSENTRY, CHKROOTKIT. There are others, you'll have to look around, this
is just a starting point. There are several HOWTO's floating in the archives
on how to install these.
9) Keep up to date. You need to monitor your log files, watch for suspicious
activity, be vigilant. Yes, these things ARE a full time job - welcome to
Cobalt land!

This is just a starting point and is by no means complete - just what I've
picked up on my own the last month or so. In another month or so, you'll be
giving the same answer yourself to someone else! One question: you restored
your RaQ, how were you backing up your sites? Were you able to restore them
as well? My Achilles heel right now is that I can't find a suitable disaster
recovery option. I'm not even sure the $500+ third party solutions (Veritas,
etc.) will work. Anyway, I digress, hope this helps.

Brandon
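The point in 6a) above about telnet sometimes surviving the control-panel checkbox deserves a concrete check. The script below is an added example, not code from the post or from Cobalt. It assumes the RaQ starts telnet from inetd (so "off" means no live `telnet` line in /etc/inetd.conf AND nothing listening on tcp/23 once inetd has re-read its config or the box has rebooted). The inetd.conf and `netstat -ltn` captures are constructed for the example; on a real box point the functions at /etc/inetd.conf and fresh `netstat -ltn` output.

```shell
#!/bin/sh
# Added example (not from the original post): verify telnet is really off.
# Assumption: telnet is an inetd service, so two things must both be true:
#   1. no uncommented "telnet" service line in inetd.conf, and
#   2. no socket in LISTEN state on tcp/23 (inetd re-read its config, or the
#      box was rebooted, as the post describes).

# Exit 0 if the given inetd.conf-style file still has a live telnet entry.
inetd_telnet_enabled() {
    grep -E '^[[:space:]]*telnet[[:space:]]' "$1" >/dev/null 2>&1
}

# Exit 0 if a saved `netstat -ltn` capture shows a LISTEN socket on tcp/23.
# Only the local-address column (field 4) is inspected, so a listener on
# port 2300 or a peer address ending in :23 does not produce a false positive.
port23_listening() {
    awk '$1 ~ /^tcp/ && $4 ~ /[:.]23$/ && $NF == "LISTEN" { found = 1 }
         END { if (found) exit 0; exit 1 }' "$1"
}

# Print a verdict; exit 0 only when both checks are clean.
telnet_status() {
    conf="$1"; capture="$2"; rc=0
    if inetd_telnet_enabled "$conf"; then
        echo "FAIL: live telnet entry in $conf (comment it out, then HUP inetd)"
        rc=1
    fi
    if port23_listening "$capture"; then
        echo "FAIL: still a listener on tcp/23 (inetd not restarted; reboot if HUP does not take)"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK: telnet is off"
    fi
    return "$rc"
}

# --- constructed sample inputs (stand-ins for real files) -------------------
WORK="${TMPDIR:-/tmp}/telnet_check.$$"
mkdir -p "$WORK"

INETD_ON="$WORK/inetd.on"; INETD_OFF="$WORK/inetd.off"
cat >"$INETD_ON" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
EOF
cat >"$INETD_OFF" <<'EOF'
ftp     stream  tcp     nowait  root    /usr/sbin/tcpd  in.ftpd -l -a
#telnet  stream  tcp     nowait  root    /usr/sbin/tcpd  in.telnetd
EOF

NETSTAT_ON="$WORK/netstat.on"; NETSTAT_OFF="$WORK/netstat.off"
cat >"$NETSTAT_ON" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:23              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2300            0.0.0.0:*               LISTEN
EOF
cat >"$NETSTAT_OFF" <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State
tcp        0      0 0.0.0.0:22              0.0.0.0:*               LISTEN
tcp        0      0 0.0.0.0:2300            0.0.0.0:*               LISTEN
EOF

# Three states: still on; checkbox un-checked but inetd never restarted
# (the case the post warns about); and truly off after a HUP or reboot.
telnet_status "$INETD_ON"  "$NETSTAT_ON"  || true
telnet_status "$INETD_OFF" "$NETSTAT_ON"  || true
telnet_status "$INETD_OFF" "$NETSTAT_OFF" || true
# Sample files are left under $WORK so the functions can be re-run against them.
```

The middle case is the one that bites: the config looks clean, but until inetd re-reads it the old listener is still accepting cleartext logins, which is exactly why the post ends up recommending a reboot. Run the same two checks after the reboot to confirm, rather than trusting the control panel.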