
Are Zypper Updates Advised?

Posted: Mon Jun 15, 2015 9:26 am
by dunketh
Hi Guys,

I have been pondering this question for a while and thought I would post here and see what your thoughts on the matter were. Obviously I know it is always best practice to upgrade to the latest SVN and get the latest Vicidial software, but is it really advisable to run zypper update on the system? I would have presumed at the time the Vicibox install was created (version 6.0.3) that the software packages were known to be stable and working predictably as a whole. Is it then a careless move to update the system from the repository?

Looking forward to hearing what people do for clean installs.

Many Thanks,
Nick

Re: Are Zypper Updates Advised?

Posted: Thu Jun 18, 2015 9:57 pm
by williamconley
You should run the zypper update and zypper upgrade scripts and reboot just before installing vicibox (after the OS install, before initiating the package installations). If you attempt this AFTER installing Vicibox (i.e., asterisk and all supporting software), you may break asterisk and have to recompile it.

If there is actually a vulnerability (such as the recent heartbleed one), it is best to merely upgrade that individual package as opposed to the entire system.

This also works best if the system is properly locked down (whitelist access ONLY). In this way, the likelihood of anyone being able to take advantage of a vulnerability rests with their ability to get on that whitelist. Now we're moving away from "hacking" and moving towards "social hacking". At that point, of course, if someone can find a way to convince you to add their IP to your whitelist ... it's likely that you have a bigger problem than whether the "lograte app" is up-to-date in your OS. Right? 8-)

FYI: Dynamic Good Guys is free and available for download and installation. It also contains instructions for a pure and simple whitelist (thus: you don't need DGG, you CAN just follow the included lockdown instructions instead!).

http://www.viciwiki.com/index.php/DGG

Re: Are Zypper Updates Advised?

Posted: Fri Jun 19, 2015 10:04 am
by dunketh
Thanks very much William, this would make a lot of sense as prior to installation would pull down the packages ready for compilation. As for the hacking issue, we are very rigid in terms of alterations to the whitelist and it would take a serious amount of convincing to get an unknown IP added.