LinuxQuestions.org
Download your favorite Linux distribution at LQ ISO.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 05-14-2019, 03:59 PM   #1
daviddon
LQ Newbie
 
Registered: May 2019
Posts: 8

Rep: Reputation: Disabled
Patching infrastructure


I just got in my hand a lab with a lot of out of date Linux OS server. Currently, the lab is not connecting to the internet. We will have these servers connecting the internet soon. I want these servers to be up to date before I open them up the outside. What should be the right way to patch these servers? What is the best tool to do patching? Also, should I scan these servers first before I start patching them? If so, what tool is the most efficient tool for the purpose?
 
Old 05-14-2019, 07:57 PM   #2
jefro
Moderator
 
Registered: Mar 2008
Posts: 18,945

Rep: Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850Reputation: 2850
Not a clear way to proceed I'd think.

We may need to know any programs on these to decide what way to go first.
We may need to know age of computers and specs.
Might need to know the distro and version.

If you just want to use this stuff in a lab then consider getting newest supported version on some media and either build one at a time or disperse a clone across the lab.
 
Old 05-15-2019, 08:40 AM   #3
daviddon
LQ Newbie
 
Registered: May 2019
Posts: 8

Original Poster
Rep: Reputation: Disabled
I am thinking about using Ansible as a tool to patch my Linux servers. Do you think it is overdone to use Ansible for my 30 servers lab? If so, what other tools I should use?
 
Old 05-15-2019, 09:00 AM   #4
TB0ne
LQ Guru
 
Registered: Jul 2003
Location: Birmingham, Alabama
Distribution: SuSE, RedHat, Slack,CentOS
Posts: 21,365

Rep: Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566Reputation: 5566
Quote:
Originally Posted by daviddon View Post
I just got in my hand a lab with a lot of out of date Linux OS server. Currently, the lab is not connecting to the internet. We will have these servers connecting the internet soon. I want these servers to be up to date before I open them up the outside. What should be the right way to patch these servers? What is the best tool to do patching? Also, should I scan these servers first before I start patching them? If so, what tool is the most efficient tool for the purpose?
Since you've told us absolutely NOTHING about these servers, what do you think we'll be able to tell you?? Version/distro of Linux on them? Functions? Number of users? Purpose of the servers??

Without details, not much we can tell you. If you're going to connect them to the Internet anyway, and they're just lab systems, why bother? Let them update on their own. If there are problems, they're lab boxes....format/reload. That's what they're for.
 
Old 05-15-2019, 10:36 AM   #5
daviddon
LQ Newbie
 
Registered: May 2019
Posts: 8

Original Poster
Rep: Reputation: Disabled
These are Centos 6 and 7 boxes. They are currently connecting to Centos distro but currently, there is no internet connection. They are used for high intensity imaging application. There are around 200 users.
 
Old 05-15-2019, 03:56 PM   #6
RickDeckard
Member
 
Registered: Jan 2014
Location: Acworth, Georgia, USA
Distribution: Arch+Gentoo Hardened, Ubuntu
Posts: 123

Rep: Reputation: Disabled
Do you have any hardware they need to connect to? Any software they need to run besides a base system install? Any networks of any type, like for instance does your lab which I will refer to as Lab A have to be linked up with Lab B? There may not be a connection to the Internet at large, but local area should definitely be a question you need to answer.

Good form is always to update your systems in stages just in case anything happens. That way, you can expedite a rollback later.
 
Old 05-16-2019, 09:18 AM   #7
daviddon
LQ Newbie
 
Registered: May 2019
Posts: 8

Original Poster
Rep: Reputation: Disabled
This lab is used for medical research. Most of the equipments are connected to high intensity body scan. The software running on these servers are mostly in house built. The lab is currently not linked to any other lab.
 
Old 05-16-2019, 10:16 AM   #8
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,880

Rep: Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164
Ok, so you're talking about an actual laboratory. Many users on here would consider a "lab" to more akin to a sandbox / test environment.

You say that these machines are CentOS, so why not create a local mirror of the CentOS repositories and point your machines to use that instead of the external repos.
 
Old 05-16-2019, 10:23 AM   #9
daviddon
LQ Newbie
 
Registered: May 2019
Posts: 8

Original Poster
Rep: Reputation: Disabled
TenTenths - should I use Ansible or similar tools to point my machines to the local repository? Or is using Ansible overkill for my lab environment?
 
Old 05-16-2019, 10:26 AM   #10
TenTenths
Senior Member
 
Registered: Aug 2011
Location: Dublin
Distribution: Centos 5 / 6 / 7
Posts: 2,880

Rep: Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164Reputation: 1164
Quote:
Originally Posted by daviddon View Post
TenTenths - should I use Ansible or similar tools to point my machines to the local repository? Or is using Ansible overkill for my lab environment?
If you're happy using Ansible to manage an environment then sure, go ahead. Whatever makes your config management easier. Use Ansible, SALT, Puppet, Rundeck, the only time using these tools is "overkill" is if you're managing just ONE server!
 
Old 05-16-2019, 11:42 AM   #11
dc.901
Member
 
Registered: Aug 2018
Location: Atlanta, GA - USA
Distribution: CentOS 6-7; SuSE 8-12
Posts: 381

Rep: Reputation: 101Reputation: 101
Quote:
Originally Posted by daviddon View Post
TenTenths - should I use Ansible or similar tools to point my machines to the local repository? Or is using Ansible overkill for my lab environment?
The machines are not connected to the Internet, but are they atleast on a LAN?
If not, that is the first thing you will have to do.
 
Old 05-16-2019, 11:56 AM   #12
RickDeckard
Member
 
Registered: Jan 2014
Location: Acworth, Georgia, USA
Distribution: Arch+Gentoo Hardened, Ubuntu
Posts: 123

Rep: Reputation: Disabled
In that case, update a server containing that software as a test environment and run it through close to real world usage of your special in-house software first.
 
Old 05-16-2019, 12:01 PM   #13
hydrurga
LQ Guru
 
Registered: Nov 2008
Location: Pictland
Distribution: Linux Mint 19.1 MATE
Posts: 7,776
Blog Entries: 3

Rep: Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765Reputation: 2765
daviddon, can I strongly suggest that you seek assistance from the IT department, or similar, at your organisation and get a Linux expert in to advise you on your setup. If, for example, you are going to be connecting a group of servers to the internet then it's going to be a struggle starting from scratch, which you seem to be, and developing your systems by leaning heavily on the advice from internet forums (we're fine for one-off issues etc., but for ground-up design you need closer one-on-one advice).
 
3 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
LXer: Ubuntu 18.04 Needs to Patching, Alpine 3.9 Released, Three New openSUSE Tumbleweed Snapshots, Latest Version of Red Hat Infrastructure LXer Syndicated Linux News 0 01-31-2019 05:12 PM
Q about wireless hardware/infrastructure. tcaptain Linux - Hardware 3 04-07-2003 10:36 AM
Designing a Linux Network Infrastructure!? therizwaan Linux - Networking 5 09-12-2002 05:51 PM
Linux Infrastructure ahmiq Linux - General 5 06-24-2002 10:22 PM
network infrastructure kodiakmook Linux - Networking 4 11-13-2001 07:26 AM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 01:29 PM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration