is it allowed to run production server on linux kernel 2.6.34 ?

is it allowed to run production server for web on linux kernel 2.6.34 ?
I suspect this bug have been exploited on my server:
http://www.exploit-db.com/search/?action=search&filter_description=Linux+Kernel+2.6.34
there is an infected php script.
Nusrat NuriyevAsked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

StampelCommented:
Hello, yes it still can be safe to use linux kernel 2.6.34.
The exploit you reference need the attacker to have a local system account to perform this attack. (ssh access)
This is certainly not the case.
What make you think you are infected ?
0
gheistCommented:
Kernel 2.6.34 (pure from kernel.org) is not very secure.
Do you have full version of it (uname -r)?
0
StampelCommented:
Whenever you use a proper firewall and your apache server is up to date
+ if you only let http port open, i doubt that this kernel would be a problem.
0
Do You Have a Trusted Wireless Environment?

A Trusted Wireless Environment is a framework for building a complete Wi-Fi network that is fast, easy to manage, and secure.

gheistCommented:
Anybody can consume all system RAM via CVE-2012-6638, firewall or not.
Thats one I remember, plus 100 others lost in time.
If you are patching from whichever still supported source 2.6.34-(whatever number) should be very good for any purpose
0
Nusrat NuriyevAuthor Commented:
Do you have full version of it (uname -r)?
2.6.34-12-desktop
uname -a
Linux opensuse 2.6.34-12-desktop #1 SMP PREEMPT 2010-06-29 02:39:08 +0200 x86_64 x86_64 x86_64 GNU/Linux  

How to patch that? maybe just update kernel? if I update it to the newest kernel could it cause any inconsistency in userspace programs behaviour? in FreeBSD I need to get updated both kernel + us + ports, what about suse?
0
gheistCommented:
It is OpenSUSE 11.3 , EOL
You can update to 11.4 evergreen
Or jump to 13.1 which will be evergreen
You can upgrade OpenSUSE with 4GB full install DVD ONLY
(Why not unify your platforms on FreeBSD, or CentOS, or opensuse evergreen for instance)
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Nusrat NuriyevAuthor Commented:
Well, every guy comes to the company with his own philosophy.
0
gheistCommented:
On the pretext that it is unmaintainable at least get it to FreeBSD -RELENG releases, CentOS&Fedora to CentOS 5 or 6 or 7-latest and OpenSUSE to evergreen release thet follows installed one.
At least you & company will have good oversight what is in the server room.

If you run typical apache and tomcat on 20 servers, maybe make load-balance cluster of two linux servers and 10 applications... You gain stability, 99.9% availability and 8 systems off your hands...
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.