Fwd: Re: rant of the day: installing fedora

Mon Jul 8 16:39:47 UTC 2013

On Mon, 8 Jul 2013, davidschaak1 at mobilicity.blackberry.com wrote:

> Sorry for top posting this. My bb won't allow bottom posting.
>
> My $0.02 on this topic.
>
> My nfs server is running fc5. Very outdated but I see no reason to upgrade it as there are 3 firewalls between it and the Net. It is doing what I want it to do. Serve files.
>
> My other machines are all F17. Only one of them is connected to the net. They do specialized tasks.
>
> If your OS is doing what you want, you have had no crack attempts, and is working properly, why upgrade your OS?
>
> Dave
> Sent from my BlackBerry® smartphone powered by Mobilicity
>

One security-oriented response to your statement is that you fundamentally never know whether or not you have been compromised.  You only know you have not discovered evidence of a compromise.  I have a friend who worked for the government.  His job was, literally, to break into homes/businesses and manually install keyloggers on computers (with a warrant, I assume).  His whole orientation was to ensure that there was no evidence of his intrusion, since he was all about surveillance.

I tend to upgrade my personal box via fresh install just as a periodic spring cleaning.  The bottom line is that I know a lot of stuff about these computing machines, but I don't know everything.  There's always the chance that there's some security breach that I don't know about, some rootkit that has outwitted me, etc.  And, of course, a lot of these compromises lay dormant for a long time before they pop up and you find yourself the source of spam or a zombie in a DoS or something.  Yeah, I'm careful.  Yeah, I run tripwire.  Yeah, I read my logs.  But still...

So, every couple of months, I back up my box and install something.  Usually it's Fedora, but every now and then it's something else just for kicks.  Mint was fun.  Mageia was a little disappointing.  Backtrack was cool.

What does that do for me?  Well, I clean my disk.  If I have an intrusion, it's gone. I wipe my slack space.  I'm not going to be anybody's zombie in the near future.  I get to learn about some new stuff, because there's always some new stuff.  Since I always do an epoch-level backup at that point, then I know I have a full backup in my pocket.

Setting up the servers again is really not much of a hassle for a one-horse operation like mine.  If I ran a distributed web server with a hundred boxes and had my own mini-isp, then it might be a problem.  But with basically a couple of personal/home-business boxes, and one-box mailserver, webserver, nameserver, etc., it takes just a few more minutes after the installation to get back up in business.  You just gotta plan things out.  I could speed it up even more by scripting it, but I like to poke around by hand.

The only time this hasn't held is when I moved some of my stuff to a virtual box in the cloud.  It turns out that apparently you gotta get the box reprovisioned by the company running the virtual server (at least for me), so it's a hassle getting everything done on my schedule.  Choosing F16 was a mistake -- I can't even upgrade because I can't see or interact with the boot screen.  I'm moving to CentOS for that machine, and will likely sit on it for awhile...

billo