At 12:54 kernel upgrades are completed.  Sorry this took so long but one physical host failed to boot properly.  The Nvidia graphics card did not initialize properly and systemd brought the machine up into single user mode but not multi-user mode so I could not access from here.  I had to drive to the Co-Location facility which is 22 miles away and there was construction work at the I-5 / I-90 interface that made that take longer than it should have.

     I am still checking NIS/NFS mounts, but all the basic subsystems are up and running.

     I’ve tested 6.07 and 6.08 and both seemed to have resolved the issue with squashfs, so will be doing kernel upgrades.  Provided they haven’t introduced new bugs, this should eliminate all bugs of any operational consequence.  There still is an issue with startup of centos7 and scientific7 but that only generates an error message and is of no operational consequence and, according to developers, that bug will be addressed in 6.2, so still a ways off.

     This will affect off of Eskimo North’s services including our public services https://friendica.eskimo.com/, https://hubzilla.eskimo.com/, https://nextcloud.eskimo.com/, and https://yacy.eskimo.com/ as well as our own website, all the sites we host and virtual private servers.

     Downtime for any one service should not exceed about ten minutes except for yacy which takes around 40 minutes to rebuild it’s database after a reboot.  This operation should be completed by midnight.

     The FTP server is restored and somewhat better secured.

     I do not know what exploit they used because all of the known exploits for wu-ftpd I had fixed, so this is one not known, however, it would appear they only had anonymous user permissions as nothing outside of the ftp directory was disturbed.  Since the server mounts the ftp directory off of another file server via NFS, I have chattr +i the files and directories they should not be allowed to change on the host machine.  Since chattr does not work across NFS there is no way for them to change it even if they were to somehow get root access so this should largely secure the server.  I am going to create a apparmor profile for it just as an additional security measure.

     Someone apparently found an exploit that allowed them to really trash the public directory of our ftp server.  Consequently, anonymous access is extremely restricted until I’ve been able to restore the directories from backups, modify some file permissions and create an apparmor profile to limit potential damage in the future.

     6.0.6 did not fix either of the outstanding bugs affecting the current kernel on our servers, therefore I will NOT be doing a kernel upgrade this Friday.

If you have received an e-mail like this, DO NOT RESPOND to it.  It is what is known as as phishing scam, an attempt by a third party to obtain your authentication information and hack your account.  There has been a recent significant uptick in these, mostly originating in foreign countries such as Iran and Bahrain.  We do not use a password aging system here.  My personal experience with such systems is they cause more problems than they are worth.  If passwords are poorly chosen, a system that forces you to choose a new one on the spot is not likely to result in stronger passwords.