LinuxQuestions.org
Help answer threads with 0 replies.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Distributions > Debian
User Name
Password
Debian This forum is for the discussion of Debian Linux.

Notices

Reply
 
Search this Thread
Old 04-08-2004, 11:54 AM   #1
loadedmind
Member
 
Registered: Sep 2003
Location: South
Distribution: Red Hat/CentOS
Posts: 207
Blog Entries: 1

Rep: Reputation: 16
Question Security Precautions with older kernel


Hell all. I, like many others, have an antiquated machine running this distro and am using the older kernel for this very reason. If I have done the necessary "apt-get update" for the version of kernel I'm using, is there still a possibility that, because the newer kernels are the ones being patched and revised, I need to do something else to ensure it's as secure as possible? I try to keep my packages updated, such as samba, etc.


TIA,
~LM
 
Old 04-08-2004, 05:07 PM   #2
HappyTux
Senior Member
 
Registered: Mar 2003
Location: Nova Scotia, Canada
Distribution: Debian AMD64
Posts: 3,513

Rep: Reputation: 63
Re: Security Precautions with older kernel

Quote:
Originally posted by loadedmind
Hell all. I, like many others, have an antiquated machine running this distro and am using the older kernel for this very reason. If I have done the necessary "apt-get update" for the version of kernel I'm using, is there still a possibility that, because the newer kernels are the ones being patched and revised, I need to do something else to ensure it's as secure as possible? I try to keep my packages updated, such as samba, etc.


TIA,
~LM
With Debian kernels the security fixes are backported to the older kernel version(s) and a new version of the kernel image package is released with the -number suffix bumped up by one so the packaging system will know there is a new kernel to install and tell you. From my firewall machine for instance.

Code:
DoopeyTux:/home/stephen# uname -r
2.4.18-586tsc
DoopeyTux:/home/stephen# apt-cache policy kernel-image-2.4.18-586tsc
kernel-image-2.4.18-586tsc:
  Installed: 2.4.18-5
  Candidate: 2.4.18-5
  Version Table:
 *** 2.4.18-5 0
        500 ftp://ftp2.de.debian.org stable/main Packages
        100 /var/lib/dpkg/status
This shows me that I have a 2.4.18-586tsc kernel installed and it is the fifth ( -5) revision of this kernel that has been in the archives and there is no update available. Now none of this will matter if you still have the installation kernel running because the packaging system does not know about it and will never tell you to upgrade. When you say you have "done the necessary apt-get update" do you mean you have installed a kernel from the archives and it is up to date? If so then the security problems have been taken care of.
 
Old 04-09-2004, 07:08 AM   #3
loadedmind
Member
 
Registered: Sep 2003
Location: South
Distribution: Red Hat/CentOS
Posts: 207
Blog Entries: 1

Original Poster
Rep: Reputation: 16
RE: Sec Precautions

In short, yes, latest revisions to existing kernel ver. have been applied. I read about exploits found with older kernel ver.'s such as buffer overflows and wanted to ensure that my ver was robust enough to handle such an attack, since it's the first box my network sees before internet comes through. Thanks for that bit of wisdom, good stuff.



~LM
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Server precautions Synesthesia Linux - General 3 06-05-2005 06:07 PM
older kernel greyfox007 Mandriva 4 04-06-2004 07:11 PM
Older driver on new Kernel rockrules Linux - Hardware 1 04-02-2004 11:06 AM
Precautions.... Mentes Slackware 10 06-20-2003 08:07 AM
i want to install an older kernel tchumatu Linux - Software 4 03-15-2001 08:26 PM


All times are GMT -5. The time now is 12:04 AM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration