Results 1 to 18 of 18
  1. #1
    Join Date
    Sep 2003
    Location
    Europe
    Posts
    322

    Best kernel version...

    Hi all!

    I was wondering what would be the best choice for a Linux kernel. Also, how would 2.4.20-28.9 relate to the previous "best current kernel" question (in other words - is this version suitable or it's rather a security hazard - simply too old)?

    Thanks!

    Regards,
    Andrei Banu

  2. #2
    Join Date
    Mar 2004
    Location
    Chicago, IL
    Posts
    384
    Assuming you are running RedHat 9 (looks like it), you should upgrade to the latest RedHat released version at least... 2.4.20-31.9. You can download the RPM from RedHat.

    If you want to compile your own, avoid 2.4.22 through 2.4.25. I run 2.4.26 with grsecurity custom configured.

  3. #3
    It would really depend on your environment. If this is a shared hosting box, then it would be best to keep updated on patches for your kernel version. I think mostly were local exploits in those.

  4. #4
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    You need to keep up with the latest kernels, and yes your kernel is bad.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  5. #5
    Join Date
    Jan 2004
    Location
    /home/dislexik
    Posts
    820
    2.4.26 is the current for 2.4 kernel, and should do fine, grsecurity will increase security of your server so worth patching the kernel with it. 2.4.25 solved a hole in the memory for root access, so it is definitly worth getting this patch and above.

    Regards

    DislexiK
    "You donít learn to hack, you hack to learn"

  6. #6
    Join Date
    Sep 2003
    Location
    Europe
    Posts
    322

    Issues

    Hello!

    Thank you all for your answers. The problem is that I can't do the update myself - I'm on a reseller account.

    You need to keep up with the latest kernels, and yes your kernel is bad.
    Is it bad only because it's outdated or there are other problems as well with this specific version?

    Should I see this issue as tolerable or you all think I should do something about?

    Regards,
    Andrei Banu

  7. #7
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Your kernel is vulnerable to a local root exploit, if you are hosting people on that server they have the potential to gain root access on your server.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  8. #8
    Join Date
    Sep 2003
    Location
    Europe
    Posts
    322
    Hello again!

    Your kernel is vulnerable to a local root exploit, if you are hosting people on that server they have the potential to gain root access on your server.
    I am hosting ~50 sites there.

    So to conclude, if my provider doesn't fix this issue soon, do you think I should make the effort of moving GBs worth of clients sites to another reseller provider (with all that comes...users from the mysql not saved that have to be manually created...searching through all the db connection libs to find them, inconsistent email deliveries while propagating, etc, etc)?

    Or maybe I should just deny SSH on all my customers and hope that all the other resellers from that server do the same?

    Best regards,
    Andrei Banu
    Last edited by AndyB78; 05-06-2004 at 03:17 AM.

  9. #9
    Join Date
    Mar 2003
    Location
    California USA
    Posts
    13,294
    Originally posted by AndyB78
    Hello again!



    Or maybe I should just deny SSH on all my customers and hope that all the other resellers from that server do the same?

    Best regards,
    Andrei Banu
    It can be done from a php or perl script aswell. If the host is good they would upgrade it.
    Steven Ciaburri | Industry's Best Server Management - Rack911.com
    Software Auditing - 400+ Vulnerabilities Found - Quote @ https://www.RACK911Labs.com
    Fully Managed Dedicated Servers (Las Vegas, New York City, & Amsterdam) (AS62710)
    FreeBSD & Linux Server Management, Security Auditing, Server Optimization, PCI Compliance

  10. #10
    Join Date
    Jul 2003
    Location
    Nothing but, net
    Posts
    2,062
    Who is the host?

    I feel the sudden urge to buy a hosting account....

  11. #11
    Join Date
    Sep 2003
    Location
    Europe
    Posts
    322
    Hello!

    I feel the sudden urge to buy a hosting account....
    Well so far, overall, I would not say he's bad so I would not like to ruin his good name. I mean the server is powerful, the load is reasonable, the downtime still within my expectations (at least it has been for the first 4-5 month...lately there have been some issues but if there will be no other problem in the near future, I'd say it's still OK).

    In other words, I don't feel the quality of the service demands for criticism yet. If this changes, I will reconsider. Also he might recover soon...I will go and ask...

    Maybe I am wrong feeling reluctant to share his name but seems ok for now...

    Regards,
    Andrei Banu

  12. #12
    What should I type to find out the kernel version on my server?

    Thanks,

  13. #13
    Join Date
    Sep 2003
    Location
    Europe
    Posts
    322
    Hi!

    What should I type to find out the kernel version on my server?
    uname -a

    ....should do I think.

    Regards,
    Andrei Banu

  14. #14
    Join Date
    Jul 2003
    Location
    Nothing but, net
    Posts
    2,062
    Originally posted by AndyB78
    Hello!



    Well so far, overall, I would not say he's bad so I would not like to ruin his good name. I mean the server is powerful, the load is reasonable, the downtime still within my expectations (at least it has been for the first 4-5 month...lately there have been some issues but if there will be no other problem in the near future, I'd say it's still OK).

    In other words, I don't feel the quality of the service demands for criticism yet. If this changes, I will reconsider. Also he might recover soon...I will go and ask...

    Maybe I am wrong feeling reluctant to share his name but seems ok for now...

    Regards,
    Andrei Banu
    Who said anything about ruining his good name.. I just want to buy a hosting account...

  15. #15
    Join Date
    Sep 2003
    Location
    Europe
    Posts
    322
    Who said anything about ruining his good name.. I just want to buy a hosting account...
    Are you always this funny? (no offense! ok?)

    Regards!

  16. #16
    Join Date
    Jul 2003
    Location
    Nothing but, net
    Posts
    2,062
    Not always but, I try..

    Let your host know what is going on. While it is true they should have updated the kernel awhile back and any host that is on top of the security would have, it is your choice to stay with them. Security by obscurity won't work for long.

  17. #17
    Join Date
    Sep 2003
    Location
    Europe
    Posts
    322
    ...it is your choice to stay with them.
    Do you think I shouldn't?

    I've told him already...waiting for the result...

    Regards!

  18. #18
    Join Date
    Jul 2003
    Location
    Nothing but, net
    Posts
    2,062
    Originally posted by AndyB78
    Do you think I shouldn't?

    I've told him already...waiting for the result...

    Regards!
    If they stonewall/don't respond/tell you it is secure, yes I think you should move.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •