Staying Current with Your Distribution's Security Updates
One of the key elements of making and keeping Linux a prime-time player in your desktop or server environment is ensuring that it is current with security patches. You take measures to address security at the network and hardware levels, but it takes only one security hole to compromise your entire environment. All users, whether they are commercial, nonprofit or home users, must know how to update their systems and applications, and they must do so regularly.
Two steps are key to keeping your system clean: knowing when to update and actually performing the updates. The first can be solved by monitoring security bulletin mailing lists for your specific distribution. The second can be solved in numerous ways through graphical and command-line tools. Some distributions also include auto-upgrading software utilities that can help you monitor your system.
I admit that I use the terms update and upgrade interchangeably when referring to moving from one version of a software package to another. These essentially mean the same thing. Be careful when updating software so that you do not install a version of a package you did not intend to install. Development versions of packages usually carry a different version series. If the version differs by too much, check for a different update.
This article investigates both command-line and GUI tools for keeping your Linux system up to date. We specifically look at Debian 3.0 (Woody), Mandrake 10.0, SuSE 9.1 and Fedora Core 2.
So how do you know when you should update? One good method is to subscribe to the security bulletins that your distribution provides. The on-line Resources provide URLs for the distributions covered in this article and their respective security mailing lists. These usually are low-traffic mailing lists that alert you to security-related patches or updates. They also usually provide direct links for downloading the updated packages and MD5 sums to ensure you have a clean package. You can install a package manually this way. You also might need to grab any dependencies.
Another method for knowing when to update is to use a script or application that polls for any updates. SuSE 9.1 and Fedora Core 2 include easy methods for automatically updating your current software with GUI tools. Debian and Mandrake also both have easy GUI tools and can be scripted to download packages in the middle of the night, letting you upgrade later.
I must offer a word of caution on upgrading software when no one is present to monitor the process. For instance, I heavily configure the Apache Web server. When I upgrade, it always asks me if I want to replace my config files. I usually run diff to see what the changes will do, but I rarely let them overwrite my config file. If you run any critical applications, make sure you note any changes in the software versions being upgraded. Always back up your critical application config files.
The RPM command-line tool is a manual and dependable method for installing an RPM security update. The rpm command has a lot of switches for various options, but for upgrading packages, you should run:
# rpm -Uv package.rpm
For the RPM file, you can specify a local filename, or even an FTP or HTTP location. If your security mailing list includes direct URLs for package updates, command-line updating is very simple. For more information on the rpm command-line tool, check out the RPM Web site or the man page.
Debian and other Debian-based distributions use dpkg as their package management system. It used to stand for Debian GNU/Linux package manager. The dpkg FAQ page states that it no longer stands for anything, because it is used in non-Debian and non-Linux environments. This package manager does the mid-level work for APT, the Advanced Packaging Tool, and GUI tools such as Synaptic. Much like RPM, dpkg includes a plethora of command-line switches, but we focus on the simple upgrade switch:
# dpkg -i package.deb
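The manual procedure described above (download the package named in the bulletin, check its MD5 sum, then upgrade with rpm or dpkg) can be wrapped in a short shell script. This is an added example, not part of the original article; the function names are hypothetical, and it prints the upgrade command rather than running it.

```shell
#!/bin/sh
# Added example: gate a manual package update on the MD5 sum from the bulletin.
# Function names are hypothetical; nothing is installed, the command is only printed.
# An MD5 match shows the download is the file the bulletin describes only if the
# sum itself reached you over a channel you trust.

# verify_md5 FILE EXPECTED_SUM -> returns 0 only when the file's MD5 matches.
verify_md5() {
    file=$1
    # Bulletins may print the sum in upper case; md5sum prints lower case.
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    [ -f "$file" ] || { echo "missing: $file" >&2; return 2; }
    actual=$(md5sum "$file" | awk '{print $1}')
    if [ "$actual" != "$expected" ]; then
        echo "MD5 mismatch for $file: got $actual, bulletin says $expected" >&2
        return 1
    fi
}

# install_cmd FILE -> prints the upgrade command from the article for this package type.
install_cmd() {
    case $1 in
        *.rpm) echo "rpm -Uv $1" ;;
        *.deb) echo "dpkg -i $1" ;;
        *)     echo "unknown package type: $1" >&2; return 1 ;;
    esac
}

# checked_update FILE EXPECTED_SUM -> prints the command only for a verified package.
checked_update() {
    verify_md5 "$1" "$2" && install_cmd "$1"
}

# Usage: sh checked_update.sh package.rpm <md5-from-bulletin>
if [ $# -eq 2 ]; then
    checked_update "$1" "$2"
fi
```

Review the printed command, then run it as root once the sum has matched.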