Secure OR Backed-Up?

Secure or Backed Up. You know – that should never be a choice you have to make. Would you like your data back, or would you like your data compromised, spread all over the place, misappropriated, and possibly used against you… with or without your knowledge. For me. I would rather off and gone forever than insecure.

Each to their own I guess.

“Priorities.”

Imagine what that would be like if they were your medical records, criminal records, bank details … the list goes on. Sure, there will breaches right left and centre and the chances are we will never know… but if you had to chose – which way would you fall?

A better question would be WHY THE HELL AM I FACED WITH THIS KIND OF A DECISION?
As I genuinely find myself trying to find a way to get Cloud Linux to NOT apply their deliciously timely kernel patches… no… really – through the view between my fingers cradling my head… I am looking at you R1soft. Yes. You. You caused this.

Let me explain how it comes to this:

//1. Step one – ooo – shiny new kernel – less holes, wolf, from door. Go team;

//2. Backups do not work now we have restarted. Okay.

//3. Hey no worries – lets build us a new R1soft CDP agent to allow the backups to continue:

root@redacted [16:26:00] [~] -> #  serverbackup-setup –get-moduleBuilding header archive …Session ID: 123456789Waiting to upload…Uploading file…Waiting in build queue…Building…Failed to get suitable module for this system: Failed to build module: redacted
Get module failed.Falling back to old get-module …

Checking if module needs updatedChecking for binary moduleWaiting                       /          No binary module foundGathering kernel informationGathering kernel information complete.Creating kernel headers packageChecking ‘/lib/modules/3.10.0-614.10.2.lve1.4.50.el7.x86_64/source/’ for kernel headersFound headers in ‘/lib/modules/3.10.0-614.10.2.lve1.4.50.el7.x86_64/source/’Compressing…Starting module build…Building                      /          kernel module installer failed. (0): Internal error encountered. Please contact supportRequest ID: (redacted)http://www.r1soft.com/distros/index.php?uuid=redacted

…..erm, okay? So that went well.Link – does not work. Upload to their documented module build. That doesn’t work either. Right. Erm, erm, erm.

//4. Phew – okay the r1agent build repository… ofcourse! take download – place in the /usr/lib/modules/r1soft directory – restart the service and BOOM back in action. So – checking out http://repo.r1soft.com/modules/CloudLinux_7_x86_64/

 

hcpdriver-cki-3.10.0-427.36.1.lve1.4.43.el7.x86_64.ko 03-Apr-2017 11:40 2.0M

hcpdriver-cki-3.10.0-427.36.1.lve1.4.44.el7.x86_64.ko 06-Apr-2017 10:04 2.0M

hcpdriver-cki-3.10.0-427.36.1.lve1.4.45.el7.x86_64.ko 06-Apr-2017 09:02 2.0M

…okay its 15th of June… no updates for over two months?! Last there is 4.45 and I need 4.50? Bugger. Well this is flipping useless.

//5. Raise a damned ticket. Enterprise Agent. Latest version of the server and it’s hateful Java UI, agent, built, kernel module. Best pre-empt their request – get a tar ball ready…

root@redacted [16:29:18] [~] -> #  serverbackup-setup –no-binary –kernel-dir /usr/src/kernels/3.10.0-614.10.2.lve1.4.50.el7.x86_64 –tarball-only /tmp/kernel-headers-for-r1soft.tar.gz

Checking if module needs updatedGathering kernel informationGathering kernel information complete.

Creating kernel headers packageChecking ‘/usr/src/kernels/3.10.0-614.10.2.lve1.4.50.el7.x86_64’ for kernel headersFound headers in ‘/usr/src/kernels/3.10.0-614.10.2.lve1.4.50.el7.x86_64’

Compressing…Header package created ‘/tmp/kernel-headers-for-r1soft.tar.gz’visit https://krnlbld.r1soft.com/ to do an offline module buildAfter it is complete, you will need to copy the module to /lib/modules/r1soft

…attach to the ticket… and wait. Right. So. Just another hundred or so hosts to deal with.

//6. Wait. Hoping they will reply with something useful as you have supplied hopefully everything they need – rather than another question, or “hi my name is [operative] I will be dealing with this for you”.

//7. Repeat this for all other kernel release versions you are seeing in play.

Enough is enough.

WHAT NEEDS TO HAPPEN HERE IS THE DEFACTO BACKUP PROVIDER NEEDS TO GET WITH THE PROGRAMME AND KEEP UP TO DATE WITH CURRENT KERNELS.

…. don’t make me have to look someone in the eye and agree to “yes – I will knowledgeably run insecure kernels so we can have backups” and smile / agree.

There is only so much of that kind of filth I can stomach.

Sort. It. Out.

One Response to “Secure OR Backed-Up?

  • UPDATE

    So today I have had some progress with these. In an almost textbook manner they go a little as follows:

    R1SOFT
    =======
    Q.: Can you upload a tarball of the headers for me?
    A.: I did that preempting your question and pointed it out in the initial email?
    Q.: I have escalated this to the Concerns Department*.

    CLOUD LINUX
    ============
    Q.: You want to do what? That, that would be a very bad idea. Explain more how this does not work.
    A.: The compile has failed for years, the fetch module doesn’t have one, the handraulic website modules do not have one since May, so nothing works.

Leave a Reply

Your email address will not be published. Required fields are marked *

%d bloggers like this:
Skip to toolbar