LDP
/
old-www
1
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity
old-www/HOWTO/Security-Quickstart-Redhat-.../updates.html

250 lines
6.2 KiB
HTML
Raw Permalink Blame History

<HTML
><HEAD
><TITLE
>Step 2: Updating</TITLE
><META
NAME="GENERATOR"
CONTENT="Modular DocBook HTML Stylesheet Version 1.76b+
"><LINK
REL="HOME"
TITLE="Security Quick-Start HOWTO for Red Hat Linux"
HREF="index.html"><LINK
REL="PREVIOUS"
TITLE="Step 1: Which services do we really need?"
HREF="services.html"><LINK
REL="NEXT"
TITLE="Step 3: Firewalls and Setting Access Policies"
HREF="firewalls.html"></HEAD
><BODY
CLASS="SECT1"
BGCOLOR="#FFFFFF"
TEXT="#000000"
LINK="#0000FF"
VLINK="#840084"
ALINK="#0000FF"
><DIV
CLASS="NAVHEADER"
><TABLE
SUMMARY="Header navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TH
COLSPAN="3"
ALIGN="center"
>Security Quick-Start HOWTO for Red Hat Linux</TH
></TR
><TR
><TD
WIDTH="10%"
ALIGN="left"
VALIGN="bottom"
><A
HREF="services.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="80%"
ALIGN="center"
VALIGN="bottom"
></TD
><TD
WIDTH="10%"
ALIGN="right"
VALIGN="bottom"
><A
HREF="firewalls.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
></TABLE
><HR
ALIGN="LEFT"
WIDTH="100%"></DIV
><DIV
CLASS="SECT1"
><H1
CLASS="SECT1"
><A
NAME="UPDATES">4. Step 2: Updating</H1
><P
> OK, this section should be comparatively short, simple and straightforward
compared to the above, but no less important.</P
><P
> The very first thing after a new install you should check
the errata notices at <A
HREF="http://redhat.com/errata/"
TARGET="_top"
>http://redhat.com/apps/errata/</A
>,
and apply all relevant updates. Only a year old you say? That's a long
time actually, and not current enough to be safe. Only a few months or few
weeks? Check anyway. A day or two? Better safe than sorry. It is quite
possible that security updates have been released during the pre-release
phase of the development and release cycle. If you can't take this step,
disable any publicly accessible services until you can.&#13;</P
><P
> Linux distributions are not static entities. They are updated with new,
patched packages as the need arises. The updates are just as important
as the original installation. Even more so, since they are fixes. Sometimes
these updates are bug fixes, but quite often they are security fixes because
some hole has been discovered. Such <SPAN
CLASS="QUOTE"
>"holes"</SPAN
> are
<EM
>immediately</EM
> known to the cracker community, and they are
quick to exploit them on a large scale. Once the hole is known, it is quite
simple to get in through it, and there will be many out there looking for it.
And Linux developers are also equally quick to provide fixes. Sometimes the
same day as the hole has become known!&#13;</P
><P
> Keeping <EM
>all</EM
> installed packages current with your release
is one of the most important steps you can take in maintaining a secure
system. It can not be emphasized enough that all installed packages should be
kept updated -- not just the ones you use. If this is burdensome, consider
uninstalling any unused packages. Actually this is a good idea anyway. &#13;</P
><P
> But where to get this information in a timely fashion? There are a number of
web sites that offer the latest security news. There are also a number of
mailing lists dedicated to this topic. In fact, Red Hat has the <SPAN
CLASS="QUOTE"
>"watch"</SPAN
>
list, just for this purpose at <A
HREF="https://listman.redhat.com/mailman/listinfo/redhat-watch-list"
TARGET="_top"
>https://listman.redhat.com/mailman/listinfo/redhat-watch-list</A
>. This is a very low
volume list by the way. This is an excellent way to stay abreast of
issues effecting your release, and is <EM
>highly
recommended</EM
>. <A
HREF="http://linuxsecurity.com"
TARGET="_top"
>http://linuxsecurity.com</A
> is a good
site for Linux only issues. They also have weekly newsletters available:
<A
HREF="http://www.linuxsecurity.com/general/newsletter.html"
TARGET="_top"
>http://www.linuxsecurity.com/general/newsletter.html</A
>.
</P
><P
>
Red Hat also has the <SPAN
CLASS="APPLICATION"
>up2date</SPAN
> utility
for automatically keeping your system(s) up to date ;-). See the man page
for details.&#13;</P
><P
> This is not a one time process -- it is ongoing. It is important to stay
current. So watch those security notices. And subscribe to
that
security mailing list today! If you have cable modem, DSL, or other
full time connection, there is no excuse not to do this religiously.
All distributions make this easy enough!
</P
><P
> One last note: any time a new package is installed, there is also a
chance that a new or revised configuration has been installed as well.
Which means that if this package is a server of some kind, it may be
enabled as a result of the update. This is bad manners, but it can
happen, so be sure to run <SPAN
CLASS="APPLICATION"
>netstat</SPAN
> or
comparable to verify your system is where you want it after any
updates or system changes. In fact, do it periodically even if there are no
such changes.&#13;</P
><DIV
CLASS="SECT2"
><H2
CLASS="SECT2"
><A
NAME="AEN571">4.1. Summary and Conclusions for Step 2</H2
><P
> It is very simple: make sure your Linux installation is current. Check
the Red Hat errata
for what updated packages may be available. There is nothing
wrong with running an older release, just so the packages in it are
updated according to what Red Hat
has made available since the initial release. At least as long as
Red Hat is still supporting
the release and updates are still being provided. For instance,
Red Hat has stopped providing updates for 5.0 and 5.1, but still does for
5.2.
</P
></DIV
></DIV
><DIV
CLASS="NAVFOOTER"
><HR
ALIGN="LEFT"
WIDTH="100%"><TABLE
SUMMARY="Footer navigation table"
WIDTH="100%"
BORDER="0"
CELLPADDING="0"
CELLSPACING="0"
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
><A
HREF="services.html"
ACCESSKEY="P"
>Prev</A
></TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
><A
HREF="index.html"
ACCESSKEY="H"
>Home</A
></TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
><A
HREF="firewalls.html"
ACCESSKEY="N"
>Next</A
></TD
></TR
><TR
><TD
WIDTH="33%"
ALIGN="left"
VALIGN="top"
>Step 1: Which services do we really need?</TD
><TD
WIDTH="34%"
ALIGN="center"
VALIGN="top"
>&nbsp;</TD
><TD
WIDTH="33%"
ALIGN="right"
VALIGN="top"
>Step 3: Firewalls and Setting Access Policies</TD
></TR
></TABLE
></DIV
></BODY
></HTML
>
Reference in New Issue View Git Blame Copy Permalink