[CentOS] Is it okay?

Fri Jan 21 19:13:39 UTC 2011
Lamar Owen <lowen at pari.edu>

On Friday, January 21, 2011 01:33:03 pm m.roth at 5-cent.us wrote:
> Lamar Owen wrote:
> > On Friday, January 21, 2011 12:34:57 pm m.roth at 5-cent.us wrote:
> >> Haven't seen the kernel break things, with the exception of *sigh*
> >> NVidia drivers.... I've also seen it reorder ethernet ports, but finally found
> >> the simple solution (/etc/sysconfig/network-scripts/ifcfg-ethx, and add
> >> the HWADDR)
> >
> > You use the RPMfusion kmod's, and use the yum plugin to protect them,
> > right?
> 
> For nVidia? I've been manually building the driver using the proprietary
> kit. One of these days, I'll try the... who is it, rpmforge? that has the
> packages? If that works, I'll have a literal handful of machines that I'll
> do that for.

Sorry, not RPMfusion, but ELrepo.  See elrepo.org

Install yum-kmod (I have also installed yum-kernel-module), then install whichever nvidia kmod you need from elrepo.  That should prevent kernel updates until the matching nvidia kmod is available.  The yum-kmod and yum-kernel-module plugins are part of regular CentOS, not third-party repos.

> > Linux localhost.localdomain 2.0.36 #3 Fri Apr 9 15:36:11 EDT 1999 i586
> 
> Argh! You're one of *those*....

Yep.  I have a couple of VAXstation 4000's here, and soon will have a smallish SGI multiprocessor box that I'm planning to load CentOS on..... I like old kit.  If I still had my PDP-8 now that would be interesting..... :-)

> Right, and it's not online. Big changes, if it ever does go online. Hey, I
> was just using my box a year and a half ago. But I built it for its
> purpose: no compilers, no X, no diddly-squat, *and* I'd run Bastille Linux
> on it. To the best of my knowledge, over 10 years, I'd never had an
> intrusion.

I have had intrusions; that box actually was originally RH 4.2, but got upgraded after an intrusion (which is when its direct internet went away....bind 4 vulnerability).  I've learned from those intrusions; good experience.  One was on an Ubuntu box, fully up-to-date at the time.  Turns out the password I thought was pretty unique wasn't; and it was a 'strong' password by most tools' estimation, being it had mixed case, numbers, and a punctuation symbol in it; it got infected with a slow-brute-forcer ssh worm, and when I saw the strange ssh traffic I shut it down; got a note about it, too.  Now I don't allow outbound port 22 to just anywhere (among a few other things; it's becoming to where I'm tempted to firewall outgoing as aggressively as I firewall incoming, but we still do too many academic 'things' that connect to unusual port numbers.....).

> > Filed a bug report, right? :-)
> 
> *If* I could pin down the exact cause, and I can't play around with the
> machine, since the user needed it *now*....

Just *now* and not *yesterday* ? :-)  But I understand; the goal of filing a report is to file a useful report, and 'it broke' is not a useful report....