On Thu, Oct 25, 2012 at 2:41 PM, Edwin Zarthrusz <zarthr...@yahoo.co.uk> wrote: > Can you send me a straight-forward list of commands for updating and applying > any necessary security patches and such on my install? And is there a way of > getting it to update automatically?
Hi Ed, In addition to all of the other correspondents, I have to add that I generally don't let it automatically update. I have a small (15-20 hosts) network at home, and a larger one (250-300 hosts) at work. I never automatically update because every now and again, things can get broken, like APIs/ABIs. This is primarily when running testing or unstable (which I do on most of my machines). Automatically updating can leave you scrambling to get everything fixed. (Remember, MS forces auto-updates, and you can see how well that works out for them...:) ) What I do is similar to what Glenn suggested. Each of my hosts sends apticron updates to my email, and every day, I run through the list and see if I need to update. I check for a) applications affecting the purpose of the server, e.g. php or mediawiki or apache on my wiki, ruby or puppet on my puppetmaster, etc.; b) Urgency of the update. About 8 months ago, there was a kerberos patch that was listed as "Emergency". I upgraded as quickly as I could. I also peruse the changes for the packages listed for upgrade. I'm more likely to upgrade if packages say "Apply security patch for..." than for ones that say "new upstream release" unless I need some piece of functionality. The final point is that you should get more hands on with your security if you are that concerned with it. Here are a few approaches that I suggest: * Only run services that you really need. If you're not using an app, either turn it off or deinstall it. * Run a firewall to keep all services from being exposed to the internet. * Run tools like nmap and nessus (the free version) or openvas against your machine in addition to patching what others think you need to patch. * Keep good backups. * Read the Debian security list (http://www.debian.org/security/). * Get familiar with your machine and how it normally behaves. That way, if something does go awry, you have that familiarity, which may allow you to find a problem in days or hours instead of weeks or months. Not only will this help you secure your machine, it can develop into marketable skills. Regards, --b -- To UNSUBSCRIBE, email to debian-user-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/cakmzw+y3cwy02+dw0qporc9fddurojvyiyrjg6ugcva7aml...@mail.gmail.com
