by ezs | Nov 8, 2005 | evilzenscientist, Linux, patching, Uncategorized
ZDNet and others are flagging a new Linux worm.
Quoting McAfee:
The worm blindly attacks web servers by sending malicious http requests on port 80. If the target server is running one of the vulnerable scripts at specific URLs and is configured to permit external shell commands and remote file download in the PHP/CGI environment, a copy of the worm could be downloaded and executed.
There are some well understood methods to minimise this risk.
Practice good security. A good robust perimeter firewall – I use IPcop; along with a good patch regime is vital. I (naturally) use ZENworks Linux Management to keep my Linux servers up to date.
One other addition is application hardening – I blogged a while ago about Novell AppArmor – I run this on my outward facing and internal Linux servers. If anything untoward happens – AppArmor is my final line of defence keeping my servers in good health.
[Edit – also to note – keep your applications themselves up to date; if they are RPM based – ZENworks Linux Management can deliver the updates. My blogging software is WordPress – they posted a note saying the updated versions are not affected.]
by ezs | Oct 17, 2005 | evilzenscientist, patching, Uncategorized
I seem to have won the task of writing a short paper on ‘how to update and patch Novell systems in the enterprise’.
I’m working on this in conjunction with my ZENworks 7 Linux Management white paper – which is still being written. (Sorry it’s late – I’m on the road again!)
My summary so far is:
NetWare – use ZENworks Server Management. Deploy CPKs of the Consolidated Support Pack
SLES 8 – use ZENworks Linux Management. Mirror content from a YaST Online Update mirror.
SLES 9 – use ZENworks Linux Management. Mirror content from update.novell.com. Note: Make sure you have migrated your SUSE portal account!
NLD 9 – as SLES 9
RHEL – use ZENworks Linux Management. I know it’s not a Novell product – but mirror content from Red Hat Network using your RHN credentials.
There are probably some other platforms I need to add here – small biz server and some applications spring to mind – but I’ll be working off this list.
Comments welcome.
by ezs | Oct 11, 2005 | evilzenscientist, patching, Uncategorized
A busy one:
Microsoft Patch Disclosure – October 2005
Nine Microsoft patches: three Critical, four Important, and two Moderate.
Internet Explorer is the target of another Critical update. All nine of these updates are available via ZENworks Patch Management today.
Recent Comments