Lansweeper Finds 26% of Its Users On CentOS, Facing May 1st End-of-life

"Lansweeper's scans of its customers' networks found an awful lot of Linux boxes facing imminent end of life," reports the Register, "with no direct upgrade path." Belgian corporate network scanner vendor Lansweeper periodically collates some of the statistics collected by its users and publishes the results... This year's report says that while a third of its users' Linux machines run Ubuntu, second place goes to CentOS Linux [with 26.05%].

Back in 2020, Red Hat brought CentOS Linux 8's end of life forward from 2029 to the end of 2021. CentOS Linux 9 was canceled, CentOS Linux 8 is dead and gone, leaving only CentOS Linux 7. As we reported in May, CentOS 7's end of life is very close now — the end of June. After this month, no more updates.

Of course, Red Hat will be happy to help you migrate to RHEL. It offers a free tool to switch boxes' package source, but RHEL 7 hits what Red Hat terms "the end of its maintenance support 2 phase" on the same day. RHEL 7 isn't EOL, but you'll need to pay extra for "Extended Lifecycle Support (ELS)" to keep security fixes coming. Lansweeper seems confident this will happen: "Assuming most of the CentOS devices will migrate over to RHEL, we can expect RHEL to comfortably take over first place from Ubuntu soon."
RHEL was already on 20% of the machines scanned by Lansweeper (with Rocky Linux at 1.5%). But the Register argues that instead of switching to RHEL, "the freeloaders running CentOS Linux might well migrate to one of the RHELatives instead. CIQ publishes guidance on how to migrate to Rocky Linux, and will help if you buy its CIQ Bridge service. AlmaLinux has more than that with its ELevate tool to perform in-place version upgrades, as we described back in 2022.

"Or, of course, you could just reinstall with Debian, and run anything you can't immediately reprovision in a free RHEL container image."

Not end of life

[ThumpBzztZoom]

End of updates does not mean end of life for software. Even operating systems.

It's just pathetically over-dramatic to call it such. End of support, sure.

Now, if it was like a game that required a server to function and the server was being shut down, that would be end of life. But CentOS will continue to run fine long after the updates stop.

My last job had lab equipment hooked up to boxes running Win98, NT 4.0, XP and DOS (all had proprietary interface cards and software that would cost in excess of $10K each to replace). They're not dead yet.

Re:Not end of life

[Anonymous Coward]

Unlike air-gapped lab machines, these are connected to the internet.

It's not a great idea to have internet-connected machines running end of life software.

the freeloaders?

[Anonymous Coward]

But the Register argues that instead of switching to RHEL, "the freeloaders running CentOS...

Freeloaders?
Why would the author opine on this? I sense an agenda.

Re:

[Darinbob]

Problem is that someone gets tied to some particular machines, and the people who know how to upgrade them are gone, or there's no budget to fix all the software to work with newer releases, etc. One group is stuck with CentOS 6, which is awful but I really don't expect them to fix it. Sort of migrated past it with newer releases and devices, but still occasionally worried someone will demand a bug fix on legacy code for contractual reasons...

Re:

[fluffernutter]

Why wouldn't they pay someone who knows how to fix it? Many vendors available.

Re:

[Darinbob]

Well, the people with the purses don't know it's a problem. The team supporting the servers is not IT (if it were, it'd be Windows-only). It was a software team originally, set up for their own use, eventually becoming vital for production with several teams using it, the people who knew how to set it up left long ago.

Some of it really can't be fixed. At all. Technical debt. Nobody gets a sufficient budget to fix technical debt. Fixing technical debt is not a revenue generating activity. Solved probl

Re:

[fluffernutter]

Ok well then those are the companies that will now fall to militarized ai looking to exploit zero days and exploit and plunder as much as they can. Soon it will be hard for anyone to operate online without knowing how to protect themselves from that. Not a very good business plan that doesn't consider the technology it needs to run on. Kind of like building an office in a runoff stream and not worrying about the foundation.

Re:

[Darinbob]

Honestly, in my work experience, and experience of friends/relatives, most companies have some failing. All companies are shambolic in one way or another.

Re:

[WoodstockJeff]

Not to mention the updates that fix problems a system can't have... like fixes to packages that were either NOT installed, or uninstalled as unused. Do I need to update a package that isn't there? How can it be attacked, if it doesn't exist?

The last "security review" done on our systems listed several hundred packages that needed updating. The person making the recommendation was challenged to try compromising the system using the "well known" attacks against the packages... and found out, "Hey, they aren't

Re: Not end of life

[BadgerStork]

The person making the report was expected to be able to perform the exploits? You cannot expect that

Re:

[WoodstockJeff]

The person making the report was expected to be able to perform the exploits? You cannot expect that

If not, why was it his job to make the complaint? Why was his department listed as "Security"? Why was he on the call to discuss the "problem", and explain why it was important for us to "fix the problem"?

Must be nice to have a job where you have no responsibility for what you do, and no need to prove that what you say is true.

If he was unable to exploit the vulnerability, there should have been someone on his staff that could (there were), and he could report what they found (which he did). That is why he

Re:

[thegarbz]

End of updates does not mean end of life for software. Even operating systems.

False. It absolutely means end of life, especially for operating systems connected to the internet which expose you to all manner of unreasonable risk.

Re:

[ThumpBzztZoom]

So your contention is that on July 1st, every single installation of CentOS will immediately have new vulnerabilities? Or that all updates are monolithic and any vulnerability to any package renders it useless, including if it only affects packages that are not installed?

If not, it's definitely not end of life for that software. It's end of updates. Operating systems connected to the internet do not have unreasonable risk until there is a vulnerability that specifically affects an installed package that has

Re:

[thegarbz]

No. Just on 1st July it is end of life. It isn't dead, deceased, diseased, infected or any other of those terms. The fact you don't know what terms mean doesn't mean other are using them improperly.

End of life means end of life. No one is putting effort into its security. It's your risk. If you're on the internet it's unreasonable risk. Yeah it may very well be that someone is waiting to exploit a zero day for the EOL period.

Or that all updates are monolithic and any vulnerability to any package renders it useless

I feel like you don't know what security updates are and therefore aren't qualified

Re:

[ThumpBzztZoom]

Apparently, the entire point of my post went so far above your head, it's in orbit.

End of life is a bullshit, over dramatic, irrational term for end of updates. Sorry you think it's great and all, but that doesn't change the fact that the very term "End of life" implies death in every other use case, and just because some companies decided when applied to software it should irrationally mean "Not dead" doesn't mean it is now logical, rational, undramatic or not bullshit.

I feel like you don't know what security updates are and therefore aren't qualified to talk about this topic.

Since you seem to think quoting half

Re:

[Darinbob]

It also means that if you use those Linux systems, you wont' be able to rebuild them easily. Ie, when they dropped CentOS 6 support, with extremely little warning, overnight you could no longer build docker images from it. The main team who used it didn't really have anyone who knew how to build from scratch, they just kept duplicating ancient VM images. I was trying to get a container image just to try to migrate away from their servers, but then I couldn't even do that. Had to go with CentOS 7, with t

Re:

[sjames]

It depends on the context. For lab and industrial equipment, the OS is often seen by users more or less the same as firmware. On servers and desktops in the corporate world, no updates=dead and gone. With lab and industrial equipment generally isolated from the outside world, it's even OKish for it to be that way (until you need to retrofit a newer replacement part and there's no driver, that is).

Clear as mud.

[PsychoSlashDot]

So... most people run Ubuntu, but those that don't, tend to run CentOS which is owned by Red Hat who make their own competing distribution but they've been supporting CentOS 7 but they discontinued support for CentOS 8 first and maybe you should just run Debian, not Red Hat because Red Hat is also EoL unless you have a support contract?

I'm sure there's a compelling reason for all these distributions to exist but from the outside I have to say... I've never had less inclination to switch to Linux... and th

Re:

[ZipNada]

>> never had less inclination to switch to Linux

Old versions of MS software don't get support either, and Windows 10 will soon be in that category. All software rots over time.

Centos 7 was released 10 years ago and is likely being run on ancient legacy hardware that hasn't been touched for that long. Migration to more recent versions is pretty straightforward and there are many guides and assistants.
https://redhatdg.co1.qualtrics... [qualtrics.com]

Re:

[PsychoSlashDot]

>> never had less inclination to switch to Linux

Old versions of MS software don't get support either, and Windows 10 will soon be in that category. All software rots over time.

Centos 7 was released 10 years ago and is likely being run on ancient legacy hardware that hasn't been touched for that long. Migration to more recent versions is pretty straightforward and there are many guides and assistants. https://redhatdg.co1.qualtrics... [qualtrics.com]

It's nothing to do with support or lack of support that I'm pointing out as a turn-off. It's this... maze of distributions. What's the right one? It depends. Mostly on opinions. I don't have the energy to dig into Debian versus Ubuntu. I don't have the energy to screw around with KDE and Gnome and the half-a-dozen arguments that make up Linux.

Re:

[ZipNada]

>> maze of distributions

It doesn't really matter. Choose a popular one. They will all install the same application software for you, just in a slightly different way. If you can't tolerate having more than one choice stick with MS or Apple.

Re:

[WarlockD]

You say that but in all honestly there are only three practical Linux distributions. Debian based, RedHat based or "however this particular software package installs (CMake, make, etc) in Linux" based. I mean honestly most if not all modern distributions install similar software its just how that software is installed makes the biggest difference. In theory everyone should be using /usr or /opt but in reality, many apps just install themselves everywhere.

Its better than windows. You still rely on a ve

Re:

[Darinbob]

New versions of Windows will run old Windows binaries. This is not try with many Linux distributions. The binaries that can build and run on CentOS 7 don't run on CentOS 8; because of incompatible glibc versions. Can you put the older libraries on? Possibly, but they're not going to tell you how and it's up to you to figure it out on your own.

It is Linux after all, you can do what you want, it's flexible, you don't even need a distribution. Distributions are for scrubs! But in the real world nobody want

Re:

[93 Escort Wagon]

So... most people run Ubuntu,

In the end there apparently wasn't a vast migration by people whose jobs involve running servers, from what I've seen and heard. A lot of noise about leaving... but then most ended up migrating to AlmaLinux or Rocky Linux.

I wouldn't be surprised if a lot of desktop Linux users did switch away from CentOS, though. It was already the flavor du jour in that space, even before the brouhaha.

Re: Clear as mud.

[Malc]

Yep, we moved to Rocky. It's the new CentOS.

Re:

[markdavis]

You mean Alma :) It's the new CentOS

Re:

[93 Escort Wagon]

We went with Alma as well.

Re: Clear as mud.

[RazorSharp]

You seem to be conflating servers and desktops. Hardly anyone uses CentOS for desktops, just like Windows servers are becoming increasingly rare.

May 1?

[93 Escort Wagon]

Oh, so people have another 11 months of support? Hurray!

Re:

[tlhIngan]

You may think a whole year is plenty, but for a lot of things it's not a lot of time to plan migrations off CentOS 7 to something else. If you have a lot of it deployed, it can be a nightmare trying to figure out what needs to be migrated.

We ran into problems because our production systems use CentOS 7, and we're very reluctant to move off of what's working at the factory. We've already run into problems because next generation products are using technologies that aren't supported by such an ancient kernel

Let's see ...

[PPH]

... a Microsoft product finds a bunch of other systems and then generates a report guaranteed to panic the average CTO.

Whatcouldpossiblybethemotive?

The whole thing makes no sense

[Dawn Keyhotie]

Can someone give me a quick recap of how the open source CentOS project (Community Enterprise OS) became the property of Redhat / IBM?

The whole freaking point of CentOS was to provide an independent open-source version of Redhat Enterprise Linux. Basically compiled from the same source, minus any restricted files such as trademarked graphics. The same source code, compiled with the same compiler, using the same compiler options, then distributed for free. Binary compatibility guaranteed (as much as possible

Re:

[Koen Lefever]

Can someone give me a quick recap of how the open source CentOS project (Community Enterprise OS) became the property of Redhat / IBM?

Perhaps you should read Slashdot [slashdot.org], that website covered this [slashdot.org].

Note that this was before RedHat was acquired by IBM [slashdot.org].

Re:

[caseih]

Can someone give me a quick recap of how the open source CentOS project (Community Enterprise OS) became the property of Redhat / IBM?

They hired all the CentOS people essentially, and through them got the web site and git repos, etc. I don't recall if there was a governing board, but if there was, they all were hired by RH.

At first Redhat said CentOS Stream would become a beta version of RHEL where new features could be tested without impacting commercial customers.

And this is indeed what is still happenin

Re: The whole thing makes no sense

[ObscureCoder]

Important to note that Rocky devs also have contributed upstream to CentOS Stream, Fedora, and EPEL as well. And its a good thing that both projects are contributing in many ways. I think it is also a good thing that Rocky is staying 1:1 while Alma is making lots of changes yet staying ABI compatible. It give the community multiple options to find what works best.

aaah

[Ahnilated1]

I sure hope they got permission to scan their customer's networks before hand or I would be calling the FBI.

Re:

[Bradac_55]

So your saying your not in IT?
Even a average 20 year old desktop tech knows what Landsweeper is and that it's a paid windows/cloud hardware scanning utility.

And there's Project78

[internet-redstar]

The https://www.project78.com/ [project78.com] software allows mass automated in-place migration of both Red Hat 7 and CentOS 7 to either RHEL8 or Rocky Linux 8. We have now upgraded more than 15.000 machines; VMs or physical in this manner. It's a great solution for large enterprise deployments.

Switch to AlmaLinux pr RockyLinux can be done live

[Antique Geekmeister]

It is possible, though a bit risky, to switch a live host from RHEL or CentOS to AlmaLinux or RockyLinux live, with very modest shell scripts. The burdensome part is replacing *every RPM*, including those with identical names, to the other distribution's version. It's somewhat trickier to or from RHEL due to a few non-open-source licensed packages. in the standard deployments, but they're not critical.

Re:Switch to AlmaLinux/RockyLinux can be done live

[rklrkl]

I'm not sure you'd want to do a major upgrade of an OS and not reboot the system straight after the upgrade e.g. to run the new kernel, updated services and actually test the bootup sequence works. I've used ELevate successfully to do warm upgrades, but that involved changing the network interface names via udev rules and a couple of reboots. It worked well, but don't be surprised if some third party repos "vanish" and have to be put back.

If you're trying to avoid downtime completely, you should probably be

Re:

[Antique Geekmeister]

Switching to a new kernel normally includes an unavoidable reboot. I'd agree that "clustering the servers" could be more sensible, but it's expensive and not suitable for reference images of VMs or docker.

Re:

[Bradac_55]

Repeat after me,

1.) A snapshot is not a backup it's a restore point. (repeat that 10 more times before moving on).
2.) If you do not have your DB's and scripts separately backed up you should be fired.
3.) If you do not have a clear play book of all required dependencies needed during setup or re-configure per production server you should be fired.

If you've done all that correctly creating a new VM or bare metal server with a different version of Linux isn't all that difficult.

Re:

[Antique Geekmeister]

And in other news, Presidents who commit sedition should be convicted. We don't get everything we want or deserve.