![]() ![]() The customer still running Debian 3 is an “academic” institution trying to run themselves as an Enterprise (insert sardonic laugh)… one of those Debian 3 boxes triggers our alerting system every F–KING night!Įssentially Orrible Linux is free, and to be fair - I actually kinda prefer it to RedHat*… It’s only not free if you want to do other stuff like log support calls - or - build internal yum repositories, and even then - it’s considerably cheaper than RHEL (which is kinda cheeky as they use RHEL source code as their base)…Īnd one thing I kinda liked last time I worked for a big Oracle shop, if you run Oracle Linux on Oracle x86 hardware and / or on Oracle VM for X86 (licensed) - you get support and can log support tickets - but - Oracle’s support page called “MOS” (My Oracle Support) is such a pig to use, it’s an active discouragement to actually log support calls … Spectre/Meltdown still haunts me - 'cause most of the NIX boxes I managed for multiple customers, haven’t been patched, 'cause the customer won’t let me patch… If anyone wants to upgrade sudo on all their nodes simultaneously, here are the papers: apiVersion: v1Ĭp /hostroot/etc/nf /hostroot/etc/Ĭp /etc/nf /hostroot/etc/nfĬp /hostroot/etc/ /hostroot/etc/nfĪt the time of Dirty Cow - I had a Puppet Enterprise system (that I built myself, with some help from a company called ICE in Sydney Australia to develop some manifests) - so managed it across some 160 NIX boxen, mostly Orrible Linux 5 and 6, some Solaris, Oracle VM for x86, Solaris x86 on ZFS Appliances (much as I hate Oracle - those things run rings around NetApp bang for buck) and ExaData - then they wanted me to fix it on ~35 Mac OS desktop machines - had to get desktop support to allow me SSH access to each one with “root” - and sorted (with a for loop)… yeah Macs got Dirty Cow too - but : piece of cake… Good to know, I just checked if the new versions installed are confirmed to be in the list of patched/backported sudos. Got some ~140 or so Linux servers at another customer, some of which are running Debian 3 (and 4) and RHEL 4 - good luck with those (and also Debian 6 and 7 and 8!).Īnd then there’s another customer with some 600-900 NIX servers (some are Solaris 10 or 11, some are Oracle or RHEL 5 or 6 or 7 ) - that’s gonna be tricky… ![]() If your machine’s not directly on the intert00bs - you probably don’t have much to worry about… my personal ones are not “really” on the intert00bs (the one that is - doesn’t listen for SSH on port 22 - and I am the only user in sudoers file) - and by and large I’m the only user - but among those 90 something servers I mentioned at the start - many of them are “servers” with multiple users with multiple forms of egress and some level of sudo access granted to them… If bad : then (RHEL 6) : ~]# sudoedit -s / No updates for sudo in RHEL 6 or Orrible (OEL) 6 - given both are end of life - I’m not surprised… RPM family : “sudo yum -y check-update & sudo yum -y install sudo”ĭEB family : “sudo apt update & sudo apt -y -reinstall install sudo” Just patched about 90+ something Linux servers (and a few desktops) across Ubuntu 16.04 LTS (Armbian), 18.04 LTS and 20.04 LTS, Debian Stretch and Buster, RHEL 7, Oracle Linux 7, CentOS 7 : ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |