IIAB/Security: Difference between revisions

From OLPC
Jump to navigation Jump to search
No edit summary
No edit summary
Line 3: Line 3:
* The following applies to CentOS-based XSCE school servers, towards downloading and automatically installing recent security patches & updates, that is if you have a reasonably fast connection, and are willing to take risks with certain packages breaking.
* The following applies to CentOS-based XSCE school servers, towards downloading and automatically installing recent security patches & updates, that is if you have a reasonably fast connection, and are willing to take risks with certain packages breaking.


* Run "[http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/ yum -y update --security]" if your system already has yum-security installed, typically via "[https://access.redhat.com/solutions/10021 yum install yum-security]". In the past we ran "yum -y update" but that installs far too many untested and diverse updates/upgrades across the board, adding features not directly related to security.
* Run <code>[http://www.cyberciti.biz/faq/redhat-fedora-centos-linux-yum-installs-security-updates/ yum -y update --security]</code> if your system already has yum-security installed, typically via <code>[https://access.redhat.com/solutions/10021 yum install yum-security]</code>. In the past we ran "yum -y update" but that installs far too many untested and diverse updates/upgrades across the board, adding features not directly related to security.


* If you notice Wikipedia-like item are no longer accessible from http://schoolserver.lan, try running the following as root:
* If you notice Wikipedia-like item are no longer accessible from http://schoolserver.lan, try running the following as root:

Revision as of 23:58, 9 August 2015

Some security tips that will become more professional as time goes on:

  • The following applies to CentOS-based XSCE school servers, towards downloading and automatically installing recent security patches & updates, that is if you have a reasonably fast connection, and are willing to take risks with certain packages breaking.
  • Run yum -y update --security if your system already has yum-security installed, typically via yum install yum-security. In the past we ran "yum -y update" but that installs far too many untested and diverse updates/upgrades across the board, adding features not directly related to security.
  • If you notice Wikipedia-like item are no longer accessible from http://schoolserver.lan, try running the following as root:
 xsce-make-kiwix-lib
 systemctl restart kiwix-serve
  • If ownCloud updates itself, users visiting http://schoolserver.lan/owncloud may face error message "You don't have permission to access /owncloud on this server." Fix guideline forthcoming.