It's Patch Tuesday...Again...
Overnight I received an email from a friend, forwarding me an article from Redmond Magazine. The topic of the magazine was the huge Patch Tuesday dump that our friends in Redmond have sent down. There was also some discussion about the patch bundles dropped by Adobe and Oracle as well. In the words of the author of the article It's a heavy burden for just this month. The email, though was what I wanted to highlight. My friend said to me:
Here's a good ad for Linux! ("Ya load 16 patches and whaddayaget? Another day older and deeper in debt. Saint Peter dontcha take me 'cause I can't goooooo; I owe my soul to the Microsoft stooooore" - with apologies to Tennessee Ernie Ford).
I am sure there are a number of Linux people that are waking up and pointing at their Windows using friends and saying I told you so, but I can assure you, most of those people are not professional Linux administrators. In fact, most of us that use Linux for a living would say not so fast.... Over the past two weeks I have had a number of things patched on my Fedora 13 system. I say things because I really was not paying attention to exactly what was being patched, pretty much the same way I do not not really pay much attention to what Microsoft (or Oracle or Adobe) are patching this week. Now you might argue that I not only should be paying attention, but that I inspect each and every patch before I apply it for relevancy and value. Yea, OK. Show of hands, who has time for that? Yes, there are some of you out there that not only do test each and every patch, but know exactly the impact it is going to have on your systems. Further, you also know that if one of your systems is down for even a second, the amount of money lost is more than enough to pay for the test and development systems needed to test patches when they come out. But most of us just take it on faith. We have to. Linux continues to be one of the safest operating systems on the market today. This is because of the model of access (least privilege) and the intense scrutiny of the code. But even with an average of one bug per 1000 lines of code, even we have patches, security issues and exploits that we have to be ever vigilant of. It is easy for us to point our fingers and laugh, but we should not become complacent.
Fast/Flexible Linux OS Recovery
On Demand Now
In this live one-hour webinar, learn how to enhance your existing backup strategies for complete disaster recovery preparedness using Storix System Backup Administrator (SBAdmin), a highly flexible full-system recovery solution for UNIX and Linux systems.
Join Linux Journal's Shawn Powers and David Huffman, President/CEO, Storix, Inc.
Free to Linux Journal readers.Register Now!
- Devuan Beta Release
- May 2016 Issue of Linux Journal
- EnterpriseDB's EDB Postgres Advanced Server and EDB Postgres Enterprise Manager
- The US Government and Open-Source Software
- The Humble Hacker?
- The Death of RoboVM
- BitTorrent Inc.'s Sync
- Open-Source Project Secretly Funded by CIA
- New Container Image Standard Promises More Portable Apps
- AdaCore's SPARK Pro
In modern computer systems, privacy and security are mandatory. However, connections from the outside over public networks automatically imply risks. One easily available solution to avoid eavesdroppers’ attempts is SSH. But, its wide adoption during the past 21 years has made it a target for attackers, so hardening your system properly is a must.
Additionally, in highly regulated markets, you must comply with specific operational requirements, proving that you conform to standards and even that you have included new mandatory authentication methods, such as two-factor authentication. In this ebook, I discuss SSH and how to configure and manage it to guarantee that your network is safe, your data is secure and that you comply with relevant regulations.Get the Guide