Re: Up2date and SysAdmin auth.

On Mon, 2004-08-09 at 05:32, Stanley Allely wrote:
> I noticed that when I run up2date in fc2, that the sys admin auth. 
> doesn't always go away immediately once it moves to package retrieval.  
> Sometimes it takes several minutes before the "keys" disappear (yeah I 
> use dial up).  I don't like to expose root online any longer than 
> necessary, so can I safely click "forget authorization" as soon as 
> up2date switches to package retrieval mode?  I don't want to mess up the 
> update but then I also don't want to find I got a "surprise" with my 
> upgrade.  How secure is the actual upgrade process?  BTW thank you list 
> contributors, you've sometimes answered questions I didn't even know I had!
> Stan

Good question.

I would think up2date would still need root level permissions until the
install process was completed.

That being said, you may want to switch to using yum instead.  I have
found yum updates to run much quicker than using up2date.  Not sure why
as I believe up2date actually uses yum behind the scenes but maybe it
adds some additional overhead.  You can still use the rhn applet to
notify you of available updates and give you a quick list of what is
available.  Just use yum to actually get the update directly instead of
the up2date application.

Probably the best thing you can do to secure your box is to disable
any/all services you don't really need or use.  In addition, run iptables
and only open ports that you actually need.

If you were to encounter a problem during an update, it would most likely
be due to a hacked mirror server passing out trojan copies of
programs.  Unfortunately there is not much you can do to protect
yourself from that except wait a few days/weeks before upgrading
something new (let others act as canaries (why did that make me think of
Red Dwarf?) and try it before you unleash it on your box).

You could also run tools like iptraf or ethereal to monitor the
connections on your system during such operations if you are really
paranoid.   

-- 
Scot L. Harris
webid@xxxxxxxxxx

QOTD:
	"It seems to me that your antenna doesn't bring in too many
	stations anymore." 


