[Honeywall] Updating Honeywall 1.4 with latest updates

Earl esammons at hush.com
Thu Oct 16 10:59:05 EDT 2008

In theory it should be pretty safe, but in practice pulling in 
updates has been problematic.  This is why we decided to make the 
default behavior to pull updates from the Honeynet repo of tested 
updates.  This leaves you open during the time between when updates 
are issued from upstream and when the Project can get things tested 
and uploaded to the Honeynet repository.

That said, we set things up so, if you desire, you can enable the 
same repos we get updates from (as you mention) on your own.  We 
put as many sanity checks in as possible to help prevent bringing 
in updates that will break things but there is certainly no 
guarantee that won't happen.  This has been one of the biggest 
challenges of maintaining a "Custom Linux Distro" built from:

1. A mainstream Linux Distro
2. A third party RPM repo
3. RPMs of our own built from scratch
4. RPMs built by others custom built by us

Many may remember the snort update fiascoes of long ago - this was 
NOT a snort problem.  It was largely due to me not properly 
excluding snort as an updatable package.  I *think* we're ok there.  
PERL modules are notoriously a huge PITA.  I bet there will ALWAYS 
be pain there.

There's a simple script to handle repo config on roo or you can 
just flip enablerepo=0/1 per config file.

hwrepoconf --show (show current settings) 
hwrepoconf --enable all (turn all of them on)
hwrepoconf --disable honeynet-test media (disable test/media)

to get back to the default setting:
hwrepoconf --default

Hope this helps.


On Thu, 16 Oct 2008 06:35:21 -0400 carlopmart 
<carlopmart at gmail.com> wrote:
>Hi all,
>  Today I have installed a new honeywall server to test some 
>configurations. When I try to update packages, only the honeynet repo 
>is used, but honeywall uses packages from EPEL, rpmforge, centos, etc. 
>Can I enable these repos securely to update packages, except 
>honeynet-test.repo??
>CL Martinez
>carlopmart {at} gmail {d0t} com
>Honeywall mailing list
>Honeywall at public.honeynet.org
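
Added example (not part of the original post and not Honeynet Project code): a read-only audit of yum .repo files that lists the enabled repos and flags any non-project repo with no exclude= pattern covering snort, the package the reply says had to be excluded from updates. It assumes yum's standard enabled= and exclude= keys; the repo ids, the sample content and the PINNED/TRUSTED lists are constructed for illustration.

```python
import configparser
import fnmatch
import re
import tempfile
from pathlib import Path

PINNED = ("snort",)        # assumption: packages only the tested repo may supply
TRUSTED = ("honeynet",)    # assumption: repo id of the project's tested repo
OFF = {"0", "false", "no", "off"}

# Constructed sample; repo ids and exclude lists are illustrative only.
SAMPLE = """\
[honeynet]
enabled=1
[honeynet-test]
enabled=0
[base]
enabled=1
exclude=snort* perl-*
[epel]
# no enabled= line: yum treats the repo as enabled
exclude=kernel*
"""


def audit_repos(repo_dir, pinned=PINNED, trusted=TRUSTED):
    """Return (enabled repo ids, {repo id: pinned packages with no exclude})."""
    enabled, unprotected = [], {}
    for path in sorted(Path(repo_dir).glob("*.repo")):
        cp = configparser.ConfigParser(interpolation=None, strict=False)
        cp.read(path)
        for repo in cp.sections():
            if cp.get(repo, "enabled", fallback="1").strip().lower() in OFF:
                continue
            enabled.append(repo)
            if repo in trusted:
                continue  # the tested repo is where pinned packages come from
            globs = re.split(r"[,\s]+", cp.get(repo, "exclude", fallback="").strip())
            missing = [p for p in pinned
                       if not any(fnmatch.fnmatch(p, g) for g in globs if g)]
            if missing:
                unprotected[repo] = missing
    return enabled, unprotected


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:
        Path(d, "sample.repo").write_text(SAMPLE)
        print(audit_repos(d))
```

Point audit_repos at the repo directory (typically /etc/yum.repos.d) after changing repo settings. Excludes set globally in yum.conf are not read here, so a repo flagged by this check may still be covered there.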

