[BlueOnyx:06066] Re: Packages for blueonyx CentOS 5

Chris Gebhardt - VIRTBIZ Internet cobaltfacts at virtbiz.com
Thu Dec 9 14:30:51 -05 2010 

support at first-priority.yi.org wrote:
> iptables-1.3.5-5.3 very old, and also generates the memory leak easily. 

The memory leak you speak of has been rectified under 
https://rhn.redhat.com/errata/RHBA-2009-1539.html

> Blueonyx should reboot with the latest hardware. 

Perhaps you mean software?

> Ver 1.3.5# is an already-known vulnerability and doesn't accept a lot of commands.

BlueOnyx utilizes the iptables as distributed by the CentOS team which 
in turn utilizes packages from the upstream provider (Red Hat).  If you 
are keeping your server up to date using YUM, then you already have the 
latest release which is engineered for the system (and corrects the 
reported memory leak)
https://rhn.redhat.com/errata/RHBA-2009-1539.html

In any event, as Taco mentioned previously, since BlueOnyx runs on 
CentOS 5, it uses the 2.6.18 kernel.  Any updates to iptables for use 
with later kernels would not be relevant.

Again, all BlueOnyx systems that have been YUM updated within the past 
year are running iptables-1.3.5-5.3.el5_4.1, the lastest CentOS approved 
version.

> Most blueonyx users are uncorrected and it seems not to be able to correct the setting of iptables.

I will echo the same recommendation that has been made time and again in 
the past:  Avoid installing 3rd party RPM's whenever possible. 
Installing an outside package is very likely to break your YUM updates.

> Some trouble occurs in the operation of ossec and csf if the package of Centos5 is used as it.

Neither of those are included with the BlueOnyx distribution.  In 
addition, neither of the two primary PKG suppliers appear to be 
distributing either one.   Therefore, I wouldn't be concerned with this.

Once again, install the advertised packages at your own peril.  Even if 
(best case scenario) the package vendor is legit and the packages do not 
compromise your server, you're likely to wind up having problems down 
the road with rpm dependencies.   I'll not be trying this out on any of 
my systems, and would advise my customers accordingly.

-- 
Chris Gebhardt
VIRTBIZ Internet Services
Access, Web Hosting, Colocation, Dedicated
www.virtbiz.com | toll-free (866) 4 VIRTBIZ

More information about the Blueonyx mailing list