Re: Sun Solaris login bug patches out

From: Warren Belfer (belfer@gullwing.eng.sun.com)
Date: 12/30/01 

Date: Sun, 30 Dec 2001 13:45:41 -0800 (PST)
From: Warren Belfer <belfer@gullwing.eng.sun.com>
To: focus-sun@securityfocus.com

> >
> > i, personally, am of the 'anti-M$' mentality that one shouldn't reboot a
> > unix box ``just because''.
>
> That doesn't make any sense at all. A UNIX box with a high uptime is
> indicative of that box not being maintained with the latest security
> patches. IMO I think it's a shame that this attitude is part of the
> UNIX culture. A maintenance schedule that installs patches at regular
> intervals, including kernel patches which require a reboot, and
> including all security patches is a definite must. If I were cracker,
> I'd target UNIX systems with 3+ months of uptime because I'd have a
> better probability of finding exploitable bugs.
>
> Why a system has been rebooted is more important than how often.

Couldn't agreee with you more; but I suspect that Mike's comment was against
the fairly common practice of rebooting needlessly. This is usually by
people who come from a long M$ history of needing to reboot every time
some config gets changed. It is generally by folks who don't understand
what is going on, so they feel safer rebooting. Needlessly rebooting
production boxes takes them off line and for statefull applications frequently
causes users to lose their state and need to re-login, etc.

Systems should be rebooted when they need to be; typically after installing
the kernel jumbo patch or any patch that says you need to in the README.

Depending on what box is being used for (what service it provides) there may not
be any relevant security patches for much more than 3 months or even 6 months.

Cheers,

Warren Belfer
Lead Operations Engineer
Internet Services Engineering
Sun Microsystems, Inc.
(650) 786-9693 (internal x89693)
"...we'll meet again, some sunny day..."

Relevant Pages

  • Re: How to remove obsolete volume groups and logical volumes
    ... Then you shoulld be able to vgremove the ... I would reboot the system to single-user mode or LVM maintenance ... Unix Guy Consulting, LLC ...
    (comp.sys.hp.hpux)
  • Re: %$#@% Windows Services For Unix Stale NFS File Handle
    ... >> Unix and Windows environments. ... every time we reboot a Solaris server that has an NFS ... SFU services over to the other node in the Windows cluster. ...
    (comp.unix.solaris)
  • Problem with Netra 1400 machine
    ... Mar 30 08:49:47 GC unix: errID ... Mar 30 08:49:47 GC unix: NOTICE: Scheduling clearing ... Mar 30 08:49:47 GC and is fatal: will reboot ... Do you Yahoo!? ...
    (SunManagers)
  • Re: Finally going over to the Mac side
    ... reboot". ...  If I could use Unix or Linux exclusively, ... We try to reboot our current Linux servers about every 6 months. ...
    (rec.music.classical.guitar)
  • Re: Sun Solaris login bug patches out
    ... > if someone is in because of an exploited root, ... > than are solved by a simple reboot. ... A UNIX box with a high uptime is ... A maintenance schedule that installs patches at regular ...
    (Focus-SUN)