Linux - Security
This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
I just got in my hands a lab with a lot of out-of-date Linux OS servers. Currently, the lab is not connected to the internet. We will have these servers connected to the internet soon. I want these servers to be up to date before I open them up to the outside. What should be the right way to patch these servers? What is the best tool to do patching? Also, should I scan these servers first before I start patching them? If so, what tool is the most efficient tool for the purpose?
We may need to know any programs on these to decide what way to go first.
We may need to know age of computers and specs.
Might need to know the distro and version.
If you just want to use this stuff in a lab then consider getting newest supported version on some media and either build one at a time or disperse a clone across the lab.
I am thinking about using Ansible as a tool to patch my Linux servers. Do you think it is overdone to use Ansible for my 30-server lab? If so, what other tools should I use?
Since you've told us absolutely NOTHING about these servers, what do you think we'll be able to tell you?? Version/distro of Linux on them? Functions? Number of users? Purpose of the servers??
Without details, not much we can tell you. If you're going to connect them to the Internet anyway, and they're just lab systems, why bother? Let them update on their own. If there are problems, they're lab boxes....format/reload. That's what they're for.
These are CentOS 6 and 7 boxes. They are currently connecting to CentOS distro but currently, there is no internet connection. They are used for high intensity imaging application. There are around 200 users.
Do you have any hardware they need to connect to? Any software they need to run besides a base system install? Any networks of any type, like for instance does your lab which I will refer to as Lab A have to be linked up with Lab B? There may not be a connection to the Internet at large, but local area should definitely be a question you need to answer.
Good form is always to update your systems in stages just in case anything happens. That way, you can expedite a rollback later.
This lab is used for medical research. Most of the equipment is connected to high intensity body scan. The software running on these servers is mostly built in-house. The lab is currently not linked to any other lab.
Ok, so you're talking about an actual laboratory. Many users on here would consider a "lab" to be more akin to a sandbox / test environment.
You say that these machines are CentOS, so why not create a local mirror of the CentOS repositories and point your machines to use that instead of the external repos?
TenTenths - should I use Ansible or similar tools to point my machines to the local repository? Or is using Ansible overkill for my lab environment?
If you're happy using Ansible to manage an environment then sure, go ahead. Whatever makes your config management easier. Use Ansible, SALT, Puppet, Rundeck, the only time using these tools is "overkill" is if you're managing just ONE server!
In that case, update a server containing that software as a test environment and run it through close to real world usage of your special in-house software first.
daviddon, can I strongly suggest that you seek assistance from the IT department, or similar, at your organisation and get a Linux expert in to advise you on your setup. If, for example, you are going to be connecting a group of servers to the internet then it's going to be a struggle starting from scratch, which you seem to be, and developing your systems by leaning heavily on the advice from internet forums (we're fine for one-off issues etc., but for ground-up design you need closer one-on-one advice).
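The suggestions made in the thread (a local CentOS mirror, updating in stages, and Ansible to manage it) can be combined in one playbook. This is an added example, not something posted by any participant; the inventory group `lab`, the mirror host `mirror.lab.example` and the repo ids `local-os`/`local-updates` are hypothetical, and it assumes an Ansible release that still supports the Python shipped on the target servers.

```yaml
# Added example, not from the thread. Hypothetical names: inventory group
# "lab", mirror host mirror.lab.example, repo ids local-os / local-updates.
- name: Patch CentOS lab servers from the internal mirror, in stages
  hosts: lab
  become: true
  # Staged rollout: one canary host, then a quarter, then everything left.
  serial:
    - 1
    - "25%"
    - "100%"
  # Abort the remaining batches as soon as any host in a batch fails.
  max_fail_percentage: 0
  vars:
    mirror_url: "http://mirror.lab.example/centos"   # assumed local mirror
  tasks:
    - name: Point yum at the local mirror (base OS and updates)
      yum_repository:
        name: "local-{{ item }}"
        description: "Local CentOS mirror - {{ item }}"
        file: local-mirror            # written to /etc/yum.repos.d/local-mirror.repo
        baseurl: "{{ mirror_url }}/$releasever/{{ item }}/$basearch/"
        # Keep signature checking on: an HTTP mirror gives no integrity by itself.
        gpgcheck: true
        gpgkey: "file:///etc/pki/rpm-gpg/RPM-GPG-KEY-CentOS-{{ ansible_distribution_major_version }}"
        enabled: true
      loop:
        - os
        - updates

    - name: Update all packages using only the local mirror
      yum:
        name: "*"
        state: latest
        disablerepo: "*"              # ignore the stock external repos
        enablerepo: "local-os,local-updates"
      register: update_result

    - name: Reboot when packages changed (picks up kernel and glibc updates)
      reboot:
        reboot_timeout: 900
      when: update_result is changed
```

Putting the dedicated test server first in the `lab` inventory group makes it the canary batch, so the in-house software can be exercised there before the later batches run.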