[Systems] freedom and justice are going to have maintenance downtime tomorrow ...
Stefan Unterhauser
stefan at unterhauser.name
Mon Sep 22 23:24:54 EDT 2014
hi all,
thanks to Bernie we found a way to update the IPMI remotely,
without having to reboot all the machines
we also checked on both virtual machine hosts (freedom, justice) for
possible rootkits
without finding any
conclusion: no downtime for servers tomorrow
-> sorry for the false alarm ;)
xo
dogi
On Mon, Sep 22, 2014 at 9:32 PM, Stefan Unterhauser <stefan at unterhauser.name> wrote:
>
>
> On Mon, Sep 22, 2014 at 9:23 PM, Jeffrey Warren <jeff at publiclab.org>
> wrote:
>
>> Thanks Dogi for the heads up -- this affects all PL services except for
>> MapKnitter, right?
>>
>
> exactly
>
> virtual machines:
>
> freedom:~# virsh list
>  Id    Name               State
> ----------------------------------------------------
>  2     spectralwb         running   <- Publiclab
>  3     nicole             running
>  4     honey              running
>  6     kuckuck            running
>  7     plots2             running   <- Publiclab
>  8     jerry              running
>  9     dogleash           running
>  10    replicator         running
>  11    owncloud           running
>  12    teachermate        running
>  13    pad                running   <- Publiclab
>  14    pirate             running
>  15    rickshaw           running
>  16    infragram          running   <- Publiclab
>  17    munin              running
>  18    buildslave-i386    running   <- Sugarlabs
>  19    plots2-test        running   <- Publiclab
>
>
> justice:~# virsh list
>  Id    Name               State
> ----------------------------------
>  1     pootle             running   <- Sugarlabs
>  2     pye-zatoichi       running   <- Sugarlabs
>  4     amnesia            running   <- Sugarlabs
>  5     jita               running   <- Sugarlabs
>  6     mothership         running   <- Sugarlabs
>  7     atls               running   <- Sugarlabs
>  13    lightwave          running   <- Sugarlabs
>
>
>> On Mon, Sep 22, 2014 at 9:22 PM, Stefan Unterhauser <
>> stefan at unterhauser.name> wrote:
>>
>>> Hi all,
>>>
>>> just got a mail from Necsys (Medialab),
>>> that both of our remote server management services (IPMI
>>> <http://en.wikipedia.org/wiki/Intelligent_Platform_Management_Interface>)
>>> got compromised
>>> and are doing DDOS stuff ...
>>>
>>>
>>> http://arstechnica.com/security/2014/06/at-least-32000-servers-broadcast-admin-passwords-in-the-clear-advisory-warns/
>>>
>>> that is why tomorrow I will flash them with the newest ipmi-version
>>> (last update I did when we installed the machines a year ago or more)
>>>
>>> which means I have to take machines offline for some time
>>> -> hope I can do that in less than an hour per machine
>>>
>>> xo
>>> dogi
>>>
>>> PS: my phone number is 617 767 2668
>>>
>>
>>
>