Hi Guys,
I have been pondering this question for a while and thought i would post here and see what your thoughts on the matter were. Obviously I know it is always best practice to upgrade to the latest SVN and get the latest Vicidial software, but is it really advisable to run zypper update on the system? I would have presumed at the time the Vicibox install was created ( version 6.0.3 ) that the software packages were known to be stable and working predictably as a whole, is it then a careless move to update the system from the repository?
Looking forward to hearing what people do for clean installs.
Many Thanks,
Nick
Are Zypper Updates Advised?
Moderators: enjay, williamconley, Staydog, mflorell, MJCoate, mcargile, Kumba
3 posts
• Page 1 of 1
Are Zypper Updates Advised?
by dunketh » Mon Jun 15, 2015 9:26 am
- dunketh
- Posts: 2
- Joined: Mon Jun 15, 2015 9:14 am
Re: Are Zypper Updates Advised?
by williamconley » Thu Jun 18, 2015 9:57 pm
You should run the zypper update and zypper upgrade scripts and reboot just before installing vicibox (after the OS install, before initiating the package installations). If you attempt this AFTER installing Vicibox (ie: asterisk and all supporting software), you may break asterisk and have to recompile it.
If there is actually a vulnerability (such as the recent heartbleed one), it is best to merely upgrade that individual package as opposed to the entire system.
This also works best if the system is properly locked down (whitelist access ONLY). In this way, the likelihood of anyone being able to take advantage of a vulnerability rests with their ability to get on that whitelist. Now we're moving away from "hacking" and moving towards "social hacking". At that point, of course, if someone can find a way to convince you to add their IP to your whitelist ... it's likely that you have a bigger problem than whether the "lograte app" is up-to-date in your OS. Right?
FYI: Dynamic Good Guys is free and available for download and installation. It also contains instructions for a pure and simple whitelist (thus: you don't need DGG, you CAN just follow the inclulded lockdown instructions instead!).
http://www.viciwiki.com/index.php/DGG
If there is actually a vulnerability (such as the recent heartbleed one), it is best to merely upgrade that individual package as opposed to the entire system.
This also works best if the system is properly locked down (whitelist access ONLY). In this way, the likelihood of anyone being able to take advantage of a vulnerability rests with their ability to get on that whitelist. Now we're moving away from "hacking" and moving towards "social hacking". At that point, of course, if someone can find a way to convince you to add their IP to your whitelist ... it's likely that you have a bigger problem than whether the "lograte app" is up-to-date in your OS. Right?
FYI: Dynamic Good Guys is free and available for download and installation. It also contains instructions for a pure and simple whitelist (thus: you don't need DGG, you CAN just follow the inclulded lockdown instructions instead!).
http://www.viciwiki.com/index.php/DGG
Vicidial Installation and Repair, plus Hosting and Colocation
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
Newest Product: Vicidial Agent Only Beep - Beta
http://www.PoundTeam.com # 352-269-0000 # +44(203) 769-2294
- williamconley
- Posts: 20019
- Joined: Wed Oct 31, 2007 4:17 pm
- Location: Davenport, FL (By Disney!)
Re: Are Zypper Updates Advised?
by dunketh » Fri Jun 19, 2015 10:04 am
Thanks very much William, this would make a lot of sense as prior to installation would pull down the packages ready for compilation. As for the hacking issue we are very rigid in terms of alterations to the whitelist and it would take a serious amount of convincing to get an unknown ip added.
- dunketh
- Posts: 2
- Joined: Mon Jun 15, 2015 9:14 am
3 posts
• Page 1 of 1
Return to ViciBox Server Install and Demo
Who is online
Users browsing this forum: No registered users and 39 guests