Is Linux version 2.4.21-40.ELsmp secure?

dwh2

Well-Known Member
Jan 14, 2004
106
0
166
I'm supposed to be on Red Hat Enterprise, which I heard is not affected by the recent kernel vulnerability.

But just to be sure, does this sound secure to you or do I need to update?

# cat /proc/version
Linux version 2.4.21-40.ELsmp ([edit]@[edit].build.redhat.com) (gcc version 3.2.3 20030502 (Red Hat Linux 3.2.3-54)) #1 SMP Thu Feb 2 22:22:39 EST 2006
 

AndyReed

Well-Known Member
PartnerNOC
May 29, 2004
2,221
4
193
Minneapolis, MN
dwh2 said:
I'm supposed to be on Red Hat Enterprise, which I heard is not affected by the recent kernel vulnerability.

But just to be sure, does this sound secure to you or do I need to update?
If you really need to learn about kernel security, read this article which addresses your very question: http://www.securityfocus.com/columnists/296

In addition, I always urge our clients and the cPanel users to be vigilant about securing and hardening their servers. This is a continuous projcess and you have to saty on top of server security, otherwise you might loose.
 
Last edited:

dwh2

Well-Known Member
Jan 14, 2004
106
0
166
Thanks for responding but...that article was about how Linux needs better security. I couldn't find where it addressed my question. Did I miss something or did you link the wrong article by mistake?

BTW, I ran up2date -u and rebooted and it still says the same version...
 

dwh2

Well-Known Member
Jan 14, 2004
106
0
166
In /var/log/messages I'm seeing lines starting with kernel:
Some say lots of weird wording like:
** IN_TCP DROP ** IN=eth0 OUT=MAC= (some mac address)....
I think those are related to BFD or APF firewall but not sure.
At the end I'm getting some lines like:

smb_get_length: recv error =5
smb_request: result -5, setting invalid
smb_retry: successful, new pid=nnnn, generation=9
 

chirpy

Well-Known Member
Verifed Vendor
Jun 15, 2002
13,462
25
473
Go on, have a guess
dwh2 said:
I'm supposed to be on Red Hat Enterprise, which I heard is not affected by the recent kernel vulnerability.

But just to be sure, does this sound secure to you or do I need to update?
You should update the kernel to the latest one from RH. You should signup to their OS announcement mailing list so that you're notifed of errata and security releases which include an explaination of the reason for the updated package (including kernels) and their likely severity if security related.
 

dwh2

Well-Known Member
Jan 14, 2004
106
0
166
chirpy said:
You should update the kernel to the latest one from RH. You should signup to their OS announcement mailing list so that you're notifed of errata and security releases which include an explaination of the reason for the updated package (including kernels) and their likely severity if security related.
Thanks. It really is all so confusing I'm not sure which mailing list I'm supposed to even join?

Did I make a mistake by trying
up2date -u
?

I can't understand why it still says the same version.

BTW Chirpy, I once tried to hire your services to watch over my server, but I never heard back from you by PM or by email...