RHN updates and protected /bin files -- what happens?

#1 (**permalink**) 09-13-2003

I protected my various /bin directories against cockroaches with chattr -iu
on the files, but now I'm wondering what kind of side effects this may cause
with the RHN (Redhat Network) automatic updates/patches. Will some of these
updates fail, or cause a partial-install mess, or will RHN deal with it
gracefully?

#2 (**permalink**) 09-13-2003

> I protected my various /bin directories against cockroaches with chattr -iu
> on the files, but now I'm wondering what kind of side effects this may cause
> with the RHN (Redhat Network) automatic updates/patches. Will some of these
> updates fail,

Yes.

> or cause a partial-install mess,

Yes.

> or will RHN deal with it gracefully?

No.

It happened to me "by accident", and rpm refuses to deal with chattr.
See http://bugzilla.redhat.com/bugzilla/...g.cgi?id=66511

#3 (**permalink**) 09-13-2003

On Fri, 12 Sep 2003 21:39:59 -0700, John Reiser <jreiser@BitWagon.com>
wrote:

> > I protected my various /bin directories against cockroaches with chattr -iu
> > on the files, but now I'm wondering what kind of side effects this may cause
> > with the RHN (Redhat Network) automatic updates/patches. Will some of these
> > updates fail,
>
>Yes.
>
> > or cause a partial-install mess,
>
>Yes.
>
> > or will RHN deal with it gracefully?
>
>No.
>
>It happened to me "by accident", and rpm refuses to deal with chattr.
>See http://bugzilla.redhat.com/bugzilla/...g.cgi?id=66511

I suggest tripwire - it's a major pain to set up, but works fine for
letting you know what, if any, files have changed.

Mike-

Mornings: Evolution in action. Only the grumpy will survive.
-----------------------------------------------------

Please note - Due to the intense volume of spam, we have
installed site-wide spam filters at catherders.com. If
email from you bounces, try non-HTML, non-encoded,
non-attachments.

----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet News==----
http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000 Newsgroups
---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption =---

#4 (**permalink**) 09-13-2003

Using chattr -i helps prevent some attacks while tripwire only warns after
something happens.

"Michael W. Cocke" <cocke@catherders.com> wrote in message
news:pf16mvkapp01n4fl5tdvq1in2plm5nmf4n@4ax.com...
> On Fri, 12 Sep 2003 21:39:59 -0700, John Reiser <jreiser@BitWagon.com>
> wrote:
>
> > > I protected my various /bin directories against cockroaches with
chattr -iu
> > > on the files, but now I'm wondering what kind of side effects this may
cause
> > > with the RHN (Redhat Network) automatic updates/patches. Will some of
these
> > > updates fail,
> >
> >Yes.
> >
> > > or cause a partial-install mess,
> >
> >Yes.
> >
> > > or will RHN deal with it gracefully?
> >
> >No.
> >
> >It happened to me "by accident", and rpm refuses to deal with chattr.
> >See http://bugzilla.redhat.com/bugzilla/...g.cgi?id=66511
>
>
> I suggest tripwire - it's a major pain to set up, but works fine for
> letting you know what, if any, files have changed.
>
> Mike-
>
> Mornings: Evolution in action. Only the grumpy will survive.
> -----------------------------------------------------
>
> Please note - Due to the intense volume of spam, we have
> installed site-wide spam filters at catherders.com. If
> email from you bounces, try non-HTML, non-encoded,
> non-attachments.
>
>
> ----== Posted via Newsfeed.Com - Unlimited-Uncensored-Secure Usenet
News==----
> http://www.newsfeed.com The #1 Newsgroup Service in the World! >100,000
Newsgroups
> ---= 19 East/West-Coast Specialized Servers - Total Privacy via Encryption
=---

#5 (**permalink**) 09-13-2003

That's a serious bug in RHN.

I wonder what would the best way to perform the updates in this case?

Perhaps set up a cron script to chattr -iu and then run up2date -u, then put
the chattr back?

"John Reiser" <jreiser@BitWagon.com> wrote in message
news:3F629F9F.1090806@BitWagon.com...
> > I protected my various /bin directories against cockroaches with
chattr -iu
> > on the files, but now I'm wondering what kind of side effects this may
cause
> > with the RHN (Redhat Network) automatic updates/patches. Will some of
these
> > updates fail,
>
> Yes.
>
> > or cause a partial-install mess,
>
> Yes.
>
> > or will RHN deal with it gracefully?
>
> No.
>
> It happened to me "by accident", and rpm refuses to deal with chattr.
> See http://bugzilla.redhat.com/bugzilla/...g.cgi?id=66511
>

#6 (**permalink**) 09-13-2003

On Sat, 13 Sep 2003 19:42:01 GMT, "Dan DeLion"
<noemail@northpole.nowhere> wrote:

******** top posting corrected **********

>"John Reiser" <jreiser@BitWagon.com> wrote in message
>news:3F629F9F.1090806@BitWagon.com...
>> > I protected my various /bin directories against cockroaches with
>chattr -iu
>> > on the files, but now I'm wondering what kind of side effects this may
>cause
>> > with the RHN (Redhat Network) automatic updates/patches. Will some of
>these
>> > updates fail,
>>
>> Yes.
>>
>> > or cause a partial-install mess,
>>
>> Yes.
>>
>> > or will RHN deal with it gracefully?
>>
>> No.
>>
>> It happened to me "by accident", and rpm refuses to deal with chattr.
>> See http://bugzilla.redhat.com/bugzilla/...g.cgi?id=66511
>>
>
>That's a serious bug in RHN.
>
>I wonder what would the best way to perform the updates in this case?
>
>Perhaps set up a cron script to chattr -iu and then run up2date -u, then put
>the chattr back?
>

Why is that a bug? You make the files immutable then complain when
they can't be overwritten?

Rich Piotrowski

To reply via E-Mail use rpiotro(at)wi(dot)rr(dot)com

Thread Tools	Search this Thread
Show Printable Version Email this Page	Search this Thread: Advanced Search
Display Modes
Linear Mode Switch to Hybrid Mode Switch to Threaded Mode