RE: [Bastille-linux-discuss] Red Hat version numbers and names
This tool locks down Linux and UNIX systems.
From: <Zie...@re...> - 2003-03-13 21:43:22
I think it's best to show the examples. This is a line from Advanced Server 2.1:

    Red Hat Linux Advanced Server release 2.1AS (Pensacola)

Red Hat 7.2 (I think, since I don't have it here at Reuters):

    Red Hat Linux release 7.2 (Enigma)

I think mapping names to version numbers for Red Hat would be nice because it's not numerical and it's something bigger to grab:

    if (-e '/etc/redhat-release') {
        # Read the first line of the release file
        open(REDHAT, '<', '/etc/redhat-release')
            or die "Cannot open /etc/redhat-release: $!";
        $release = <REDHAT>;
        close(REDHAT);
        if ($release =~ /Pensacola/) {
            # Defaulting Red Hat Advanced Server 2.1 to Red Hat 7.2
            # since they're almost identical
            $distro = '7.2';
        }
        if ($release =~ /Enigma/) {
            $distro = '7.2';
        }
        if ($release =~ /Zoot/) {
            $distro = '6.2';
        }
    }

Now, in general, I don't think there should be any guessing or defaults in Bastille. For example, if it can't recognize the Red Hat distribution version it should exit or prompt the user for the version number. It is safe to say at the moment Advanced Server is not supported at all, and yet it runs and attempts to apply configuration that's meant for Red Hat 6.2. This could spell out trouble for some.

What do you guys think?

PS. I am a consultant for Reuters hired by Intel as part of the deal that includes HP. Do you work directly for HP?

Ziemowit Pierzycki
Development Engineer
Reuters America Inc.

"BUCK,KEITH (HP-FtCollins,ex1)" <keith_buck@hp.com>
03/13/2003 02:41 PM

To: Ziemowit Pierzycki/OAK/US/Reuters@REUTERS, bas...@li...
cc:
Subject: RE: [Bastille-linux-discuss] Red Hat version numbers and names
Header: Internal Use Only

Ziemowit Pierzycki wrote:
> I have been looking into proposing a patch that enables
> support for Red Hat Advanced Server 2.1 and it seems to me
> that it would be more logical to use release names instead of
> numbers. Am I wrong or am I right? What do you guys think?
>

No strong opinions, but I like numbers better. Now, the mapping between 2.1 and 7.2...that's where we get into trouble. I have no idea what the proper mappings are (maybe Redhat has an algorithm somewhere).

However, if we use release names (like 'zoot', right?), then we've got this mapping problem for everything rather than just vendors who don't keep their numbering nice and mathematical. (HP does this too, with HP-UX 11i version 1.6 and the like, but the uname stays consistent so programs can work. uname doesn't work on RH because it's 'Linux'.)

> Furthermore, why not change the default fallback for Red
> Hat from 6.2 to 7.2? With the more current releases having
> similar packages, and therefore configuration (e.g. inetd and
> xinetd) files, it would seem more logical.
>

Maybe:

    if ( -e '/etc/redhat-release' ) {
        if ( -e '/etc/inetd.conf' ) {
            # default to earliest version (6.0?)
        } else {
            # default to latest supported version (7.3?)
        }
    }

Of course, don't hardcode the path names.

When a vendor is doing their own support for Bastille (as HP is for HP-UX), then it's possible to keep up. What we have chosen is to error out and stop if it's not something we know about and have explicitly tested. So, we don't need such heuristics. This is safer in the sense that we're more sure it will work, but one might argue that a half-bastille'd machine is better than none at all. It just better be obvious that Bastille hasn't been tested yet, so do it yourself.

just some thoughts...

-Keith
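
The fail-closed detection discussed in this thread, as an added example (not code from Bastille or from either poster): it parses the release line, maps only the codenames named above, and stops instead of falling back to a default version. The names profile_for_release and %PROFILE_FOR are hypothetical, and the last two sample lines are constructed.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Codename -> configuration profile, using only the mappings given in this
# thread. Pensacola (Advanced Server 2.1AS) -> 7.2 is the proposal from the
# message above, not a mapping published by Red Hat.
my %PROFILE_FOR = (
    Zoot      => '6.2',
    Enigma    => '7.2',
    Pensacola => '7.2',
);

# Hypothetical helper: returns the profile for one release line, or dies.
# It never falls back to a default version.
sub profile_for_release {
    my ($line) = @_;
    defined $line or die "empty release file\n";
    chomp $line;
    my ($product, $version, $codename) =
        $line =~ /^Red Hat Linux (Advanced Server )?release (\S+) \((\w+)\)\s*$/
        or die "unrecognized release line: '$line'\n";
    my $profile = $PROFILE_FOR{$codename}
        or die "untested release '$codename' ($version); refusing to guess\n";
    # For the non-AS product the codename and the number must agree.
    if (!$product && $version ne $profile) {
        die "codename '$codename' does not match version '$version'\n";
    }
    return $profile;
}

# Sample lines: the first two are quoted in the thread, the rest constructed.
my @samples = (
    'Red Hat Linux Advanced Server release 2.1AS (Pensacola)',
    'Red Hat Linux release 7.2 (Enigma)',
    'Red Hat Linux release 99.0 (Constructed)',   # unknown: must be refused
    'Red Hat Linux release 6.2 (Enigma)',         # mismatch: must be refused
);
for my $line (@samples) {
    my $profile = eval { profile_for_release($line) };
    if (defined $profile) { print "OK      $line -> profile $profile\n" }
    else                  { print "REFUSED $line: $@" }
}
```

Requiring the codename and the version number to agree for the plain Red Hat Linux product catches a hand-edited or truncated release file before any hardening profile is applied.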