PDA

View Full Version : [ubuntu] 10.04 LTS Server kernel update.



btnoob
January 9th, 2011, 05:26 PM
Hello.

I am not very familiar with Ubuntu..so please be gentle :biggrin:.

I am runnig a home NAS based on 10.04 64bit using the server kernel. I did a update and the kernel version seems to be 2.6.32-27-server.

My question is :

1. Is it recommended that the kernel be update to the latest stable version from kernel.org
2. What sort of kernel update cycle does Ubuntu follow for the LTS Server kernel.
3. Is there a good (recommended) hardening guide for relatively light install. (ie no Apparmor)

Cheers....

btnoob
January 9th, 2011, 05:29 PM
Ah...just found this http://ubuntuforums.org/showthread.php?t=1663122

But it really does not answer what I am asking.

CharlesA
January 9th, 2011, 05:33 PM
I just use whatever kernel is in the default repos. Less work that way. There really isn't a reason to use a different kernel unless you are running into problems, or your hardware isn't supported by the kernel you are using.

As for hardening, what all do you have running on that server? You can do a bit without AppArmor.

btnoob
January 9th, 2011, 05:58 PM
I just use whatever kernel is in the default repos. Less work that way. There really isn't a reason to use a different kernel unless you are running into problems, or your hardware isn't supported by the kernel you are using.

As for hardening, what all do you have running on that server? You can do a bit without AppArmor.


Hi Charles..Thx for the reply. I was looking to update the kernel cos 2.6.32-27-server feels rather old. From a security point of view I would feel better, though every thing works just fine. That is why I wanted to know what is the (semi) official recomended guide to updating (or not) the kernel for a LTS install.

I only have Samba and ssh running with ufw. I installed using expert mode so it a bare bones system with samba, ssh, ufw and irqbalance slapped on.

CharlesA
January 9th, 2011, 06:12 PM
I see. The kernel is patched when security vulnerabilities are found. :)

Take a look here: www.ubuntu.com/usn

James78
January 9th, 2011, 11:04 PM
From a security point of view I would feel better, though every thing works just fine. That is why I wanted to know what is the (semi) official recomended guide to updating (or not) the kernel for a LTS install.

I see. The kernel is patched when security vulnerabilities are found. :)

Take a look here: www.ubuntu.com/usn
Ahh. Yup, as CharlesA stated, all the good security vulnerabilities and critical issues are backported to the kernel, for as long as 10.04 is supported, which is a bit since it's an LTS. So the only thing you're missing out on is new features/whatever changed in the kernel, but that's not a reason to upgrade unless you actually have a problem with the current kernel. :)

As for your hardening question, you could (should!) play with the syctl.conf file (read a tutorial first though, so you don't mess anything up). You can protect your system from things like mitm attacks, and spoofed IP's, just by changing the settings in there.

btnoob
January 10th, 2011, 02:20 PM
Thx Guys...