Red Hat Enterprise Linux 2.1 - 1-Year End Of Life Notice
Red Hat Enterprise Linux 2.1 - 1-Year End Of Life Notice
Posted Jun 4, 2008 11:55 UTC (Wed) by RobSeace (subscriber, #4435)In reply to: Red Hat Enterprise Linux 2.1 - 1-Year End Of Life Notice by yodermk
Parent article: Red Hat Enterprise Linux 2.1 - 1-Year End Of Life Notice
We have a mail server running Red Hat 5.2... Not RHEL 5.2, mind you, but actual old-school RH 5.2 with a 2.0.36 kernel... Current uptime: 412 days... Why run something so ancient? "If it ain't broke, don't fix it!" ;-)
Posted Jun 4, 2008 15:24 UTC (Wed)
by tialaramex (subscriber, #21167)
[Link] (2 responses)
Posted Jun 4, 2008 16:38 UTC (Wed)
by RobSeace (subscriber, #4435)
[Link] (1 responses)
Posted Jun 9, 2008 12:29 UTC (Mon)
by davidfulwiler (guest, #47890)
[Link]
Red Hat Enterprise Linux 2.1 - 1-Year End Of Life Notice
But as a mail server it touches data which was created by untrusted remote systems, probably
all the time (if it's outgoing only then less often). If you're not getting patches for years
then your mail server is bound to have serious bugs that are well known by Black Hats.
So unless all the mail related stuff is actually hand maintained, and by someone quite
diligent, sooner or later someone's going to break into it.
Once upon a time you'd know this had happened because lots of files would be deleted, the
login banner would be changed to "joo R 0wned. Props to Big Mikey and S00pe7M3n !!!11!!1!" or
whatever. Maybe you'd notice the thousands of attempts to telnet into other machines as root
with passwords like "letmein". Laughable stuff.
Today the people likely to break in will carefully repair the hole they used to get in, ensure
they don't disrupt the hardware's apparent purpose (in your case, sending and receiving mail)
and then go on to use it as part of huge network of machines supporting a criminal enterprise.
So it "ain't broke" and you continue to "not fix it" but somewhere a slightly gullible old
lady is "re-entering" her credit card details into a web page served by your "mail server"
which says it is her bank.
Red Hat Enterprise Linux 2.1 - 1-Year End Of Life Notice
> If you're not getting patches for years
Not getting them from Red Hat != not getting them at all... That's the great
thing about open source (and, being a programmer ;-)): you can fix stuff
yourself, if the need arises...
> So unless all the mail related stuff is actually hand maintained
Oh, it is... We've upgraded the sendmail many times in the past for previous
issues... Had to hand-build our own RPMs, often applying our own patches and
tweaks to get things working right, but like I say, that's one of the major
benefits of open source...
And, actually being an ancient system tends to work in our favor securitywise,
in a purely "security by obscurity" way: the script-kiddies and scammers who
just run pre-made exploits generally won't have one that'll run on a system
that old... "Security by obsolescence", if you will... ;-)
I certainly wouldn't recommend everyone and their mothers run ancient systems
like that, of course... If you don't know what you're doing and manually
keep things patched up and running properly, you'll have big problems, as
you point out... But, if you know what you're doing, and value stability
of the system over the time it takes to keep it running as-is, then there's
nothing wrong with it... Like I say, that's really one of the hugest benefits
of open source, IMHO: the ability to keep old software running for as long
as you need it to, without being forced into an unnecessary upgrade cycle...
Not everyone CAN or SHOULD do it, but for those that can and need to, it's
an incredibly powerful benefit...
Red Hat Enterprise Linux 2.1 - 1-Year End Of Life Notice
Fantastic. Bravo... That really is the whole idea as I see it. This whole update a whole OS
and reinstall and that bit was introduced to us from those that sell out of the box broken
OS's I have run an old caching DNS server for years using some old Slackware. I know every
burp and hic-up that little honey goes through, because of this any irregularity really stands
out and I catch it. If it aint broke don't fix it again.
Dave From Milwaukee