Canonical, the commercial sponsor of the Linux distribution Ubuntu, asserted there has to be some decisive Ubuntu community action to make sure it doesn’t suffer another outage.
Canonical had to shut down five of eight servers in order to avert potential hacker attacks earlier this month.
“Either their servers come into the Canonical Data Center and are managed with the same rigor as all other servers, or they opt out of the Canonical Data Center and are managed independently,” Gerry Carr, Canonical’s marketing manager, told LinuxInsider.
No More Ambiguity
“This removes any ambiguity in their status and will prevent this type of incident happening again,” Carr said.
Ubuntu, a Debian-based Linux distribution, had to shut down more than half of its community servers recently because they appeared to have been commandeered by hackers, who could then launch attacks.
According to Ubuntu community accounts, the members first learned that one of the machines had been compromised and was being used to try to hack other machines. Then, it was discovered that five of the eight machines had been compromised. The machines were promptly shut down.
There was no big surprise about their vulnerability, however. The servers in question were running out-of-date software and were missing security patches.
Canonical on Monday also commented on the server outage in a definitive way to quell any jitters among Ubuntu users. “Any work with our partners or customers was and is completely unaffected, as is anything core to the Ubuntu project, including all downloads of every flavor of Ubuntu,” Carr told LinuxInsider.
The servers in question were for community functions such as blogs and local documentation, and not for downloadable software. Nonetheless, Canonical apparently was not amused.
A Lack of TLC
“The servers affected were local community servers, that is, servers used by the Ubuntu community for individual projects, local Web sites, and, as we see, a number of their own software projects,” Carr said. “These were managed by a combination of Canonical and community members, and frankly, this arrangement did not work.”
Core production servers get the security TLC from Canonical. The incidents, said Carr, involved “a separate discrete set of servers housed in a separate facility on a different network and managed differently.”
To err is, well, Ubuntu. Roughly translated, it means humanness. Figuring out a well-managed construct for all Ubuntu servers, at least for Canonical, will be divine.