[96919] in RedHat Linux List

home help back first fref pref prev next nref lref last post

Re: RedHat bugs???

daemon@ATHENA.MIT.EDU (Joerg Mertin)
Fri Oct 30 03:31:19 1998

Date: Fri, 30 Oct 1998 08:46:20 +0100
From: Joerg Mertin <smurphy@dspecialists.de>
To: redhat-list@redhat.com
Mail-Followup-To: redhat-list@redhat.com
In-Reply-To: <199810291725.KAA21700@mu.gsnet.com>; from Mike Bridge on Thu, Oct 29, 1998 at 10:35:11AM -0700
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com

On Thu, Oct 29, 1998 at 10:35:11AM -0700, Mike Bridge wrote: 
> I've recently talked to about 10 or so administrators who were "trying out" 
> Linux on their sites and had their machines broken into by hackers.  All 
> of them were using unpatched distributions of RedHat 5.x, and most of 
> them were shocked by the experience and are wiping Linux off and 
> installing NT.  One guy told me he had a machine running RedHat 5.0 for 
> one day before someone hacked in and installed an IRC bot on it.  I think 
> this is a big concern- this is generating a bad reputation for RedHat and 
> Linux as an insecure environment.  

Well, no to bother you with this, but if these guys are Administrators,
they are _very_ bad administrators. Of course no one will hack their
NT-Boxes, ´cause no one could make the IRC-Bot run on it long enough.
Also, what Uptime is the Expected NT box going ot have ? Our NT Boxes here
have an average uptime of 3 Days, the LiNUX Server (Raid System etc.) had
71 Days, befor the UPS had to shut the Server down -> Power lossage for 2
Hours. The XDMCP-Server here has an uptime of 79 days too (Power lossage
crashed it), and has 15 concurring XDMCP Sessions/day. 

I´m sorry to say so, but people telling they are administrators just
because they know what the NT Configuration-GUI looks like with no
knowledge how a Network works, are no Admins. And I know enough of them to
be able to say, 90% of all so called NT-Admins are not Admins.

> 
> I think it should really be part of the installation process to inform people 
> how important it is to go to the RedHat site and get the patches.  Then 
> they should be told to read the current security FAQ and subscribe to a 
> mailing list which will warn them of future security problems.  There are 
> lots and lots of people with lots and lots of time on their hands who take 
> advantage of these holes every day, and it's really bad for Linux's 
> reputation.

Hmmm. Every admin who knows his work, is going to download
Securitypatches/updates prior to runing the System on the network. 

Regards
-- 
The less time planning, the more time programming.
-------------------------------------------------------------------------
 Systemverwalter:       Joerg Mertin <smurphy@stardust.phantasia.org>
 Phone : +49 30 467 805-71           DSPecialists GmbH
 FAX:    +49 30 467 805-99           Wattstraße 11-13
 Email:  <smurphy@DSPecialists.de>   13355 Berlin
 WWW:    http://www.DSPecialists.de  Germany


-- 
  PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
		http://www.redhat.com http://archive.redhat.com
         To unsubscribe: mail redhat-list-request@redhat.com with 
                       "unsubscribe" as the Subject.


home help back first fref pref prev next nref lref last post