[96919] in RedHat Linux List
Re: RedHat bugs???
daemon@ATHENA.MIT.EDU (Joerg Mertin)
Fri Oct 30 03:31:19 1998
Date: Fri, 30 Oct 1998 08:46:20 +0100
From: Joerg Mertin <smurphy@dspecialists.de>
To: redhat-list@redhat.com
Mail-Followup-To: redhat-list@redhat.com
In-Reply-To: <199810291725.KAA21700@mu.gsnet.com>; from Mike Bridge on Thu, Oct 29, 1998 at 10:35:11AM -0700
Resent-From: redhat-list@redhat.com
Reply-To: redhat-list@redhat.com
On Thu, Oct 29, 1998 at 10:35:11AM -0700, Mike Bridge wrote:
> I've recently talked to about 10 or so administrators who were "trying out"
> Linux on their sites and had their machines broken into by hackers. All
> of them were using unpatched distributions of RedHat 5.x, and most of
> them were shocked by the experience and are wiping Linux off and
> installing NT. One guy told me he had a machine running RedHat 5.0 for
> one day before someone hacked in and installed an IRC bot on it. I think
> this is a big concern- this is generating a bad reputation for RedHat and
> Linux as an insecure environment.
Well, no to bother you with this, but if these guys are Administrators,
they are _very_ bad administrators. Of course no one will hack their
NT-Boxes, ´cause no one could make the IRC-Bot run on it long enough.
Also, what Uptime is the Expected NT box going ot have ? Our NT Boxes here
have an average uptime of 3 Days, the LiNUX Server (Raid System etc.) had
71 Days, befor the UPS had to shut the Server down -> Power lossage for 2
Hours. The XDMCP-Server here has an uptime of 79 days too (Power lossage
crashed it), and has 15 concurring XDMCP Sessions/day.
I´m sorry to say so, but people telling they are administrators just
because they know what the NT Configuration-GUI looks like with no
knowledge how a Network works, are no Admins. And I know enough of them to
be able to say, 90% of all so called NT-Admins are not Admins.
>
> I think it should really be part of the installation process to inform people
> how important it is to go to the RedHat site and get the patches. Then
> they should be told to read the current security FAQ and subscribe to a
> mailing list which will warn them of future security problems. There are
> lots and lots of people with lots and lots of time on their hands who take
> advantage of these holes every day, and it's really bad for Linux's
> reputation.
Hmmm. Every admin who knows his work, is going to download
Securitypatches/updates prior to runing the System on the network.
Regards
--
The less time planning, the more time programming.
-------------------------------------------------------------------------
Systemverwalter: Joerg Mertin <smurphy@stardust.phantasia.org>
Phone : +49 30 467 805-71 DSPecialists GmbH
FAX: +49 30 467 805-99 Wattstraße 11-13
Email: <smurphy@DSPecialists.de> 13355 Berlin
WWW: http://www.DSPecialists.de Germany
--
PLEASE read the Red Hat FAQ, Tips, Errata and the MAILING LIST ARCHIVES!
http://www.redhat.com http://archive.redhat.com
To unsubscribe: mail redhat-list-request@redhat.com with
"unsubscribe" as the Subject.