[ale] CRITICAL LINUX FLAW OPENS THE DOOR TO FULL ROOT ACCESS (RHE)
Solomon Peachy
pizza at shaftnet.org
Thu May 17 16:53:25 EDT 2018
On Thu, May 17, 2018 at 03:52:26PM -0400, Raj Wurttemberg via Ale wrote:
> Really?? I know that all of our network gear AND servers are static. I only
> use DHCP on client and WiFi networks.
We had a master list of IP<->MAC addresses, and that was used to
generate DNS/rDNS, DHCP tables, and kickstart configurations. No
hand-edited anything. No accidentally using someone else's address or
misconfiguring some other parameter.
It meant everything got set up the same way, and didn't rely on being
able to remotely access a system to make configuration changes
(ala ansible/etc) that tend to go along with taking a system out of test
into production. (or flaky BMCs or network KVM switches!)
- Solomon
--
Solomon Peachy pizza at shaftnet dot org
Coconut Creek, FL ^^ (email/xmpp) ^^
Quidquid latine dictum sit, altum videtur.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 195 bytes
Desc: not available
URL: <http://mail.ale.org/pipermail/ale/attachments/20180517/698c8efe/attachment.sig>
More information about the Ale
mailing list