Server Maintanance - August 2005
 

Hello Folks.

Im plan on doing server maintanance on the weekend from the 19th to the 21st of August, including kernel update, opensshupdate and a few security changes:

- php_safe mode on
- hardened php
- hardened userlevel
- chrooted home directories for everyone
- NO root login, ONLY sudo execution

Additionally, there will be a few other changes.

JUST A NOTICE BEFOREHAND, EXPECT DOWNTIME OF ALL NONESSENTIAL SERVICES (Gameservers, CVS, etc).

All major services will be routed thru server-one (my box) during this time, so the downtime should be kept to a minimum, and all ESSENTIAL services (http, mail, database) will be operational (hopefully)

Do I have council approval ?

Nova 8)

Re: Server Maintanance - August 2005
 

approved, nigga :D

see ya on octoberfest :P

Re: Server Maintanance - August 2005
 

8o oh my god

Is it really necessary ? There ought to be immense benefits for everybody if you plan to do so else I don't really see why we should take such a risk !

Re: Server Maintanance - August 2005
 

risk ? what risk ?

• kernel update = formaility, if it doesnt work i can boot recue system
• openssh update = necessary, quite a lot of security updates out
• chrooted user directory = worst it could do is lock a few people out of the ftp for a while
• services update = good idea in general
• php safe mode and hardening = GOOD idea in general, i just hadnt gotten around to it yet
• sudo and sudoers = once its setup, its VERY VERY usefull.

imo thos is low risk high gain server surgery, and you dont have to do a thing ... :D

Re: Server Maintanance - August 2005
 

Don't You think guys the server is too much times updated? Everytime (every update I mean) after the update we got a lot of troubles (including additional downtime, not working for a while some services they were working before update etc.).
Instead inceasing the security by instantly update the server (if any new software appears for it), maybe just focus on making good backups of the server to get it back to work if someone really destroy it (because it is not 100% safe because of not installed some new stuff). I guess restoring the server from the backup is less troubles and shorter down-time than all down-times we need for every update.
I'm not any expert of servers, so I can't say You "do it - it's good" - or "don't do it - it's bad", but having some experience browsing other forums I may attest - our forum has the longest down-times from all I'm browsing. Dunno - other admins (of other forums) probably don't care so much for every update and their servers aren't attacked so often (I really don't remember any bigger down-time of other forum because got attcked/hacked), but - as the most important fro me - they just work.

"Something better is always an enemy of something good".

That's my opinion.

Re: Server Maintanance - August 2005
 

Well, the last update was kind of interrupted, and i left a lot of things unfinished, this is a package listing for the update, with the important one's bold:

[ebuild U ] sys-apps/man-1.6-r1 [1.6]
[ebuild U ] sys-apps/man-pages-2.07 [2.05]
[ebuild U ] sys-libs/zlib-1.2.3 [1.2.2]
[ebuild U ] dev-db/mysql-4.0.25-r2 [4.0.24-r1]
[ebuild U ] sys-auth/pam_mysql-0.6.0 [0.5]
[ebuild U ] app-shells/bash-3.0-r12 [3.0-r11]
[ebuild U ] sys-devel/gcc-config-1.3.12-r2 [1.3.11-r3]
[ebuild U ] sys-libs/glibc-2.3.5-r1 [2.3.5]
[ebuild U ] media-sound/mpg123-0.59s-r10 [0.59s-r9]
[ebuild U ] net-misc/asterisk-1.0.9 [1.0.8]
[ebuild U ] app-arch/sharutils-4.5 [4.2.1-r11]
[ebuild U ] mail-filter/razor-2.77 [2.74]
[ebuild U ] net-nds/openldap-2.2.27-r1 [2.2.26-r2]
[ebuild U ] net-misc/openssh-4.1_p1-r1 [3.9_p1]
[ebuild U ] app-editors/nano-1.3.8 [1.3.7]
[ebuild U ] sys-devel/automake-1.9.6 [1.8.0]
[ebuild U ] mail-client/mutt-1.5.9 [1.5.8-r2]
[ebuild U ] net-misc/wget-1.10 [1.9.1-r5]
[ebuild U ] net-dns/bind-9.3.1-r3 [9.2.5-r4]
[ebuild U ] media-libs/tiff-3.7.3 [3.7.2]
[ebuild U ] dev-libs/libxml2-2.6.20-r2 [2.6.19]
[ebuild U ] dev-libs/libxslt-1.1.14-r2 [1.1.13-r1]
[ebuild U ] sys-apps/file-4.14 [4.13]
[ebuild U ] media-libs/freetype-2.1.10 [2.1.9-r1]
[ebuild U ] app-arch/bzip2-1.0.3-r5 [1.0.3-r4]
[ebuild U ] sys-libs/gpm-1.20.1-r5 [1.20.1-r4]
[ebuild U ] app-text/aspell-0.60.3 [0.60.2]
[ebuild U ] net-analyzer/net-snmp-5.2.1.2 [5.2.1-r1]
[ebuild U ] dev-php/php-4.4.0 [4.1.0_rc2]
[ebuild U ] app-arch/gzip-1.3.5-r8 [1.3.5-r7]
[ebuild U ] net-libs/courier-authlib-0.57 [0.55.20050320]
[ebuild U ] net-mail/courier-imap-4.0.4 [4.0.1-r2]
[ebuild U ] sys-devel/autoconf-wrapper-3.1 [3-r1]
[ebuild U ] net-ftp/ncftp-3.1.9 [3.1.8-r1]
[ebuild U ] dev-util/dialog-1.0.20050306 [1.0.20050206]
[ebuild U ] sys-apps/debianutils-2.14.1-r1 [2.13.2]
[ebuild U ] sys-apps/sandbox-1.2.12 [1.2.9]
[ebuild U ] sys-apps/portage-2.0.51.22-r2 [2.0.51.22-r1]
[ebuild U ] app-portage/gentoolkit-dev-0.2.5 [0.2.4]
[ebuild U ] dev-util/pkgconfig-0.18.1-r1 [0.17.2-r1]
[ebuild U ] dev-libs/libpcre-6.1 [5.0]
[ebuild U ] net-analyzer/nmap-3.83 [3.81]
[ebuild U ] mail-filter/dspam-3.4.9 [3.4.8]
[ebuild U ] net-www/apache-2.0.54-r13 [2.0.54-r11]
[ebuild NS ] dev-php/mod_php-4.4.0-r1
[ebuild U ] net-misc/ntp-4.2.0.20050303 [4.2.0.20040617-r2]
[ebuild U ] net-dns/libidn-0.5.18 [0.5.17]
[ebuild U ] dev-libs/gmp-4.1.4-r1 [4.1.4]
[ebuild U ] app-antivirus/clamav-0.86.2 [0.86.1]
[ebuild U ] sys-apps/iproute2-2.6.11.20050330 [2.6.11.20050310-r1]
[ebuild U ] sys-libs/com_err-1.38 [1.37]
[ebuild U ] sys-libs/ss-1.38 [1.37]
[ebuild U ] sys-fs/e2fsprogs-1.38 [1.37-r1]
[ebuild U ] app-editors/vim-core-6.3.084-r2 [6.3.075]
[ebuild U ] app-editors/vim-6.3.084 [6.3.075]
[ebuild U ] sys-apps/module-init-tools-3.2_pre7-r1 [3.2_pre7]
[ebuild U ] net-www/mod_auth_mysql-3.0.0 [2.8.1]
[ebuild U ] net-ftp/ftp-0.17-r5 [0.17-r4]
[ebuild U ] net-dns/c-ares-1.2.1-r1 [1.2.1]
[ebuild U ] sys-apps/shadow-4.0.11.1-r2 [4.0.7-r2]
[ebuild U ] sys-apps/pam-login-4.0.11.1-r2 [3.17]
[ebuild U ] dev-util/subversion-1.2.1 [1.2.0]
[ebuild U ] app-admin/sudo-1.6.8_p9-r2 [1.6.8_p9-r1]
[ebuild U ] sys-apps/sysvinit-2.86-r1 [2.86]
[ebuild U ] sys-apps/baselayout-1.12.0_pre5 [1.11.12-r4]
[ebuild U ] net-dns/bind-tools-9.3.1 [9.2.5]
[ebuild U ] sys-process/fcron-2.9.7 [2.9.6]
[ebuild U ] sys-boot/grub-0.96-r3 [0.96-r2]
[ebuild U ] net-misc/rsync-2.6.6 [2.6.5]
[ebuild U ] net-firewall/iptables-1.3.2 [1.3.1-r4]
[ebuild U ] app-antivirus/f-prot-4.6.0-r1 [3.5.4-r1]

Re: Server Maintanance - August 2005
 

I love server updates ;)

Re: Server Maintanance - August 2005
 

same :D

Re: Server Maintanance - August 2005
 

I love gentoo


(and fbsd)

Re: Server Maintanance - August 2005
 

I love Rick. :P:P:P:P:P:P
Hahahahahahaah. :D:D:D