CentOS 7 upgrades

Scientific Linux 6 (SL6) will reach the end of its maintenance life on 30-Nov-2020. We have to consider what to do with those systems that are still running SL6 before then.

--++ Why do we need to upgrade?

There are two reasons:


Once SL6 is no longer being maintained, if there are any security holes in it, hackers will be able to exploit it without fear that the exploits will be patched. That means that any system that can be accessed from the outside world (see the list below) will be vulnerable.

It's possible that hackers have be holding on to "zero-day" exploits and will start actively using them on 1-Dec-2020. I already know from the system logs that any Nevis system that allows outside access is already being attacked several times a minutes.


The national labs are closing down the SL6 versions of their software suites (e.g., LArSoft for MicroBooNE; Athena for ATLAS). Any system that runs SL6 might not be able to keep up with the latest versions of your software.

What can we do?

For any system still running SL6, there are two choices:

Upgrade to CentOS 7

This is the preferred solution. Unfortunately, it's complicated by the pandemic. I'm working on potential solutions (see below).

Cut off outside access

If I cut off outside access to a system via the firewall, then there's no particular security risk. You can still access the system via VPN.

This may be the best solution for systems that you need to keep running SL6 (e.g., upgrading would interfere with analysis effort, there's no SL6 support for a given software package, etc.).

Edit | Attach | Watch | Print version | History: r7 | r4 < r3 < r2 < r1 | Backlinks | Raw View | Raw edit | More topic actions...
Topic revision: r1 - 2020-09-28 - WilliamSeligman
This site is powered by the TWiki collaboration platform Powered by PerlCopyright © 2008-2020 by the contributing authors. All material on this collaboration platform is the property of the contributing authors.
Ideas, requests, problems regarding TWiki? Send feedback