Skip to content

OpenLogic 是如何製作 CentOS 修補程式

針對生命週期結束(EOL)的 CentOS 進行修補程式製作,是一項複雜且精細的工作。OpenLogic by Perforce 的技術專家分享了如何透過回溯移植(Backporting)和測試流程,為舊版 CentOS 提供持續的安全更新,確保其在生命週期結束後仍然穩定可靠。

回溯移植是針對生命週期結束的操作系統版本,將上游的最新修補程式,調整並應用於舊版軟件的過程。這並非簡單的直接套用,而是需要根據舊版系統的架構和特性,進行細緻的改寫與測試。例如,CentOS 7 使用的許多軟件,自第一個版本發布以來幾乎未有更新,這意味著新的修補程式可能無法直接適用,需要進行技術處理。

在修補程式製作的流程中,OpenLogic 會首先分析每個漏洞(CVE)的詳細信息,包括漏洞的攻擊向量、影響範圍及嚴重性,並決定修補程式優先次序。接著,檢查上游可用的修補程式或原始碼,然後針對舊版系統進行改寫,確保其與現有環境兼容。例如,在處理像 OpenSSL 這類底層庫時,必須確保修補程式不會影響依賴該庫的其他應用程式。

修補程式移植完成後,OpenLogic 會執行多層次的測試,包括基本功能測試、軟件包內置的測試套件,以及 CentOS 自身的功能測試套件。這些測試確保修補程式能在安裝後維持系統的穩定性和正常運行。

此項技術過程摘錄自 OpenLogic 的網絡研討會《CentOS 7 生命週期結束:為何你需要現在開始規劃 EOL 應對措施》,該研討會旨在幫助公司企業應對 CentOS 7 生命週期結束所帶來的挑戰。OpenLogic 的修補程式製作流程展現了他們在支援 EOL 系統上的專業與承諾,為仍在使用舊版 CentOS 的公司企業提供了可靠的安全保障。

關於 OpenLogic

OpenLogic 由 Perforce 提供完整的企業級支援和服務,專為在其基礎設施中使用開源軟件的公司企業而設計。我們支援超過 400 種開源技術,提供保證的服務水準協議(SLA),並可直接與經驗豐富的企業架構師溝通。透過我們的 24×7 工單支援、專業服務和培訓,OpenLogic 提供綜合且全面的開源支援解決方案。

關於Version 2

Version 2 Digital 是立足亞洲的增值代理商及IT開發者。公司在網絡安全、雲端、數據保護、終端設備、基礎設施、系統監控、存儲、網絡管理、商業生產力和通信產品等各個領域代理發展各種 IT 產品。透過公司龐大的網絡、通路、銷售點、分銷商及合作夥伴,Version 2 提供廣被市場讚賞的產品及服務。Version 2 的銷售網絡包括台灣、香港、澳門、中國大陸、新加坡、馬來西亞等各亞太地區,客戶來自各行各業,包括全球 1000 大跨國企業、上市公司、公用事業、醫療、金融、教育機構、政府部門、無數成功的中小企及來自亞洲各城市的消費市場客戶。

Leading the Guard: What MSPs Need to Know About Cybersecurity Heading Into 2025

As 2025 looms on the horizon, MSPs are grappling with an ever-shifting cybersecurity landscape. The stakes are higher than ever, with small and medium-sized businesses continuing to face relentless cyber threats. While MSPs play a critical role in shielding these businesses, the road ahead is not without its twists and turns.

Drawing from recent insights—including our Guardz survey, which found that 77% of MSPs are struggling to manage multiple cybersecurity solutions—I want to unpack the challenges, risks, and opportunities MSPs should have on their radar for the year ahead.

Top Challenges for MSPs 

1. The Complexity Conundrum

Managing cybersecurity point solutions has become a juggling act and not a fun one. With every new tool claiming to solve the latest threat, MSPs find themselves buried under layers of complexity. Our survey underscores this pain point: nearly 8 in 10 MSPs find it difficult to consolidate their cybersecurity stack.

Why does this matter? Complexity slows response times, increases the chances of misconfigurations, and ultimately leaves gaps that cybercriminals are all too happy to exploit.

2. Identities at the core 

Account compromise is climbing the ranks as one of the most persistent and damaging cyber threats. Cybercriminals are finding new ways to exploit weak or reused credentials, phishing unsuspecting employees, and bypass multi-factor authentication (MFA) through methods like MFA fatigue attacks, stolen tokens, etc.

For MSPs, this means prioritizing solutions that protect Identities—not just at login but throughout their lifecycle. Continuous monitoring, behavioral analytics, and robust identity management strategies are becoming essential across cloud directories, email, devices, data, and training.

3. Supply Chain Attacks on the Rise

It’s no longer enough to protect your clients; you also have to worry about the vendors and partners they rely on. Supply chain attacks are becoming alarmingly common, and MSPs are often caught in the crossfire.

These attacks exploit the trust inherent in software and hardware providers, making them insidious and hard to detect. For MSPs, ensuring clients’ security now means scrutinizing third-party relationships more than ever.

The Big Risks MSPs Face

1. Underestimating the Human Factor

We like to talk about firewalls and encryption, but let’s not forget that most breaches start with a simple mistake—like clicking on a phishing link. MSPs often focus on tech solutions while overlooking the importance of training end users.

If employees at your client’s organization aren’t part of the cybersecurity conversation, you’re leaving a major vulnerability wide open.

2. Burnout of technicians 

Running an MSP is tough. Cyber threats are 24/7, and the demands on your time and energy are relentless. In addition, monitoring and implementing dozens of point solutions for every client adds more challenges and a level of constant pressure can lead to burnout, affecting your business and the quality of service you provide to clients.

3. Cyber Insurance Complexity

Cyber insurance can be a lifeline for SMBs after a breach—but obtaining and maintaining coverage has become increasingly complex. Insurers are tightening their requirements, and MSPs are often called upon to ensure clients meet them. The risk? Falling short could leave clients exposed and MSPs under fire.

Opportunities for MSPs in 2025

Amid these challenges, MSPs have opportunities to elevate their game and deliver even more value to SMB clients.

1. Consolidation is King

One of the clearest takeaways from our survey is the need for streamlined cybersecurity solutions. MSPs can differentiate themselves by adopting unified platforms that simplify management without sacrificing protection. The less time you spend wrangling tools, the more time you have to focus on strategic initiatives.

2. Leveraging AI For Faster Responses

AI is rapidly transforming cybersecurity operations, and MSPs that harness its power will gain a significant edge. AI-driven tools can automate repetitive tasks, identify threats faster than any human analyst, and deliver real-time responses to incidents.

For MSPs, AI isn’t just a luxury—it’s becoming a necessity. By integrating AI-powered solutions into their offerings, MSPs can enhance efficiency, reduce response times, and ensure a higher level of protection for their clients. This not only improves outcomes but also frees up valuable time to focus on strategy and growth.

3. Proactive Risk Management

The days of reactive cybersecurity are over. MSPs that adopt a proactive approach—focusing on threat intelligence, vulnerability management, and regular penetration testing—can set themselves apart. SMBs are looking for partners who can anticipate problems before they arise.

4. Building a Cybersecurity Culture

While tools are essential, fostering a culture of cybersecurity awareness within SMBs is equally critical. MSPs have a unique opportunity to offer training and workshops that empower employees to become the first line of defense against cyber threats.

5. Expanding Services to Include Cyber Insurance 

With the cyber insurance market tightening, MSPs can position themselves as essential partners in the application and compliance process. Offering services that help SMBs navigate these waters can open up new revenue streams and deepen client relationships.

Looking Ahead

The role of MSPs is more critical than ever. SMBs are counting on you not just to defend against threats but to guide them through an increasingly complex digital environment. By focusing on simplification, proactivity, and education, you can not only tackle the challenges of 2025 but also seize the opportunities it presents.

The cybersecurity battle is ongoing, and it’s not just about technology—it’s about strategy, people, and vision. As we lead the guard together, let’s make 2025 a year where MSPs don’t just survive but thrive.

Until next time,
Dor

Start Free Trial

About Guardz
Guardz is on a mission to create a safer digital world by empowering Managed Service Providers (MSPs). Their goal is to proactively secure and insure Small and Medium Enterprises (SMEs) against ever-evolving threats while simultaneously creating new revenue streams, all on one unified platform.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

Setting up StarWind Virtual SAN (VSAN) as Hardened Repository for Veeam B&R

 

Introduction

Hi, fellas. If you’re in charge of keeping your business data safe, you know that protecting it from ransomware and other threats is a top priority. One of the best ways to do this is using a 3-2-1-1 backup practice. That extra “1” in 3-2-1-1 stands for using immutable storage, such as on a Linux-based hardened repository.

In this article, I will show you how to turn your existing or aging server hardware into immutable backup storage to keep your data safe against ransomware. All you need is Veeam Backup & Replication and StarWind VSAN that will perform a role of Hardened Repository. This is a super easy and efficient way to keep your data safe, and I’ll walk you through the entire process step by step.

Why immutability?

Firstly, let’s talk about why backups have to be immutable. Essentially, it means that once a backup is made, it can’t be deleted or changed. This is important for crucial data because it means that even if a hacker gets into your system and tries to remove your backups, they won’t be able to. This is why write-once-read-many (WORM) storage media like tape libraries and optical media are commonly used for backups. However, these types of media can be a bit of a pain to manage because they need to be rotated and replaced regularly to align with retention policies.

What’s the easiest way to enable immutability? 

This is where Veeam B&R comes in – it’s an industry-standard backup solution that works with most storage media types, including physical and virtual tapes. What’s more, in Veeam B&R v11, they added support for  Hardened Backup Repositories, allowing to enable immutability for backups without using object storage or any specialized third-party solutions. You can find the deployment documentation for this on Veeam B&R KB.

Now, you could go through the process of setting up a Linux server and configuring it to work with Veeam B&R, but it’s not exactly a walk in the park. However, there’s good news – we’ve made it super simple with StarWind VSAN.Diagram: StarWind VSAN as Hardened Repository for Veeam B&R

We’ve developed a set of management tools that are pre-configured in the web console, so you can easily set up a storage server using commodity hardware. All you need to do is use a few wizards in StarWind Virtual SAN  web-console, and you’ll have a hardened repository for Veeam B&R in no time.

How to set up?

In today’s article, I won’t be covering the initial setup process. For details on configuring the StarWind Controller Virtual Machine (CVM), its networking, and storage, refer to our previous article: ‘How to Create a File Share with StarWind VSAN‘. Make sure to review it before proceeding. We’ll also post instructions for the bare-metal StarWind VSAN deployment in a separate blog post later on, so stay tuned.

Assuming you’ve completed the preliminary steps and created a storage pool, we can now move on to creating a new volume in the Virtual SAN Web UI.

Once the storage pool is created, navigate to the “Volumes” tab and click the “+” button to open the “Create volume” wizard:

“Volumes” tab | “Create volume”

Now select the storage pool that you are going to use for the new volume and click “Next”:

Create volume wizard | Select storege pool

Specify the name of the new volume and select the required size:

Create volume | Specify settings

Now select the filesystem for your volume. Select the “Backup repository” option, because it is already configured according to Veaam best practices and recommendations.

Create volume | Choose Filesystem settings

Review your settings and click “Create” to create the new volume:

Create volume | Review summary

After this, you need to add a Veeam user to the CVM to provide Veeam access to the storage. For this, in the “Volumes” tab, select your newly created backup volume and click “Manage VHR (Veeam Hardened Repository) user.

In the “Manage VHR user” pop-up window, click the “+” button:

Manage VHR user | Create Veeam user

Specify the credentials for the new user:

Create Veeam user | Specify the credentials for the new user

Select the newly created user and enable SSH access for it, and click “Save”:

Manage VHR user | Select the newly created user and enable SSH

Congrats! You have completed the StarWind VSAN configuration. You’ll need to connect the created volume to Veeam B&R as the new backup repository. To do that, open the Veeam Backup and Replication console, navigate to “Backup Infrastructure”, and select “Backup Repositories”:

Veeam Backup and Replication console | Navigate to “Backup Infrastructure”, and select “Backup Repositories”

Click “Add Repository”  and select “Direct attached storage:

Add Backup Repository | Select “Direct attached storage

Next, select “Linux (Hardened Repository)”:

Direct Attached Storage | Select “Linux (Hardened Repository)”

In the “New Backup Repository” wizard, specify the name and description for the new repository and click “Next”:

“New Backup Repository” wizard | Specify the name and description for the new repository

In the next step, click “Add New”:

New Backup Repository wizard | Add New

In the “New Linux Server” wizard, specify the IP address or the DNS name of your StarWind CVM and click “Next”:

New Linux Server wizard | Specify the IP address or the DNS

Click “Add” and specify the credentials of the VHR user account that you created in StarWind VSAN Web UI:

New Linux Server | Specify the credentials of the VHR user account

SSH Connection | Provide Credentials

Review the installed components and click “Apply”:

New Linux Server | Review the installed components

Wait until the installation is completed and then click the “Next” button:

New Linux Server | Wait until the installation is completed

Review the summary and click “Finish”:

New Linux Server | Review the summary

In the “New Backup Repository” wizard, select the newly added Repository server from the drop-down menu:

New Backup Repository wizard | Select the newly added Repository server

Now, select the path to the volume on the StarWind VSAN appliance. Also, check that the “Use fast cloning on XFS volumes” setting is enabled and specify the required retention period for immutability:

New Backup Repository | Select the path to the volume on the StarWind VSAN appliance

After that, check the Mount Server settings, where you will be doing fast restores of your backups:

New Backup Repository | Check the Mount Server settings

Check the components that will be installed and click “Apply”:

New Backup Repository | Check the components that will be installed

Wait until the process is completed and click “Next”:

New Backup Repository | Wait until the process is completed

Review the summary and click “Finish”:

New Backup Repository | Review the summary

To secure the server from potential local threats such as credentials theft, in the StarWind VSAN Web UI, navigate to the “Volumes” page, launch the “Manage VHR user” wizard, and disable SSH for the VHR user account:

Manage VHR user wizard | Disable SSH for the VHR user account

Additionally, keep in mind that this method makes it easy to set up a hardened repository and secure your backups. It’s still important to regularly test and verify your backups to ensure they are working properly and can be restored in case of an emergency. Ensure your software and hardware up to date, and to have a disaster recovery plan in place in case the worst happens.

Conclusion

To sum up, using StarWind VSAN as hardened repository for Veeam B&R is a great way to protect your business data from any threats, while also making the process of setting it up easy and straightforward. With the help of our management tools, you can have a secure and reliable backup solution up and running in no time. So, if you’re looking to upgrade your backup strategy and keep your data safe, give StarWind VSAN a try.

About StarWind

StarWind is a pioneer of hyperconvergence and storage virtualization and the only all-flash hyperconvergence vendor on the market. We provide a unique blend of simplicity, performance, and affordability, yet with the ultimate in flexibility. Our focus is to help companies create sustainable and effective IT infrastructures with minimum effort.

We believe that quality should preside over quantity when it comes to building infrastructures. Our solutions provide businesses with the ability to use only those IT resources that are truly necessary and to make the most out of them in an efficient and performant manner.

About Version 2 Digital

Version 2 Digital is one of the most dynamic IT companies in Asia. The company distributes a wide range of IT products across various areas including cyber security, cloud, data protection, end points, infrastructures, system monitoring, storage, networking, business productivity and communication products.

Through an extensive network of channels, point of sales, resellers, and partnership companies, Version 2 offers quality products and services which are highly acclaimed in the market. Its customers cover a wide spectrum which include Global 1000 enterprises, regional listed companies, different vertical industries, public utilities, Government, a vast number of successful SMEs, and consumers in various Asian cities.

×

Hello!

Click one of our contacts below to chat on WhatsApp

Social Chat is free, download and try it now here!

×