[Honeywall] Updating Honeywall 1.4 with latest updates

carlopmart carlopmart at gmail.com
Thu Oct 16 12:34:23 EDT 2008


Ok, I will stay with default repos. Many thanks Earl.

Earl wrote:
> In theory it should be pretty safe but in practice pulling in 
> updates has been problematic.  This is why we decided to make 
> default behavior to pull updates from the Honeynet repo of tested 
> updates.  This leaves you open during the time between when updates 
> are issued from upstream and when the Project can get things tested 
> and uploaded to the Honeynet repository.
> 
> That said, we set things up so, if you desire, you can enabled the 
> same repos we get updates form (as you mention) on your own.  We 
> put as many sanity checks in as possible to help prevent bringing 
> in updates that will break things but there is certainly no 
> guarantee that won't happen.  This has been one of the biggest 
> challenges of maintaining a "Custom Linux Distro" built from 
> 1. A mainstream Linux Distro
> 2. A third party RPM repo
> 3. RPM's of our own built from scratch
> 4. RPMs built by others custom built by us
> 
> Many may remember the snort update fiascoes of long ago - this was 
> NOT a snort problem.  It was largely due to me not properly 
> excluding snort as an updatable package.  I *think* we're ok there. 
>  PERL modules are notoriously a huge PITA.  I bet there will ALWAYS 
> be pain there.
> 
> There's a simple script to handle repo config on roo or you can 
> just flip enablerepo=0/1 per config file.
> 
> hwrepoconf --show (show current settings) 
> hwrepoconf --enable all (turn all of them on)
> hwrepoconf --disable honeynet-test media (disable test/media)
> 
> to get back to the default setting:
> hwrepoconf --default
> 
> 
> Hope this helps.
> 
> Earl
> 
> On Thu, 16 Oct 2008 06:35:21 -0400 carlopmart 
> <carlopmart at gmail.com> wrote:
>> Hi all,
>>
>>  Today I have installed a new honeywall server to test some 
>> honeynet 
>> configurations. When I try to update packages, only honeynet repo 
>> is used, but 
>> honeywall use packages from EPEL, rpmforge, centos, etc. Can i 
>> enable these 
>> repos securely to update packages, except honeynet-test.repo??
>> -- 
>> CL Martinez
>> carlopmart {at} gmail {d0t} com
>> _______________________________________________
>> Honeywall mailing list
>> Honeywall at public.honeynet.org
>> https://public.honeynet.org/mailman/listinfo/honeywall
> 
> _______________________________________________
> Honeywall mailing list
> Honeywall at public.honeynet.org
> https://public.honeynet.org/mailman/listinfo/honeywall
> 


-- 
CL Martinez
carlopmart {at} gmail {d0t} com


More information about the Honeywall mailing list