Taras Shumylo
asked on
What are best practices for keeping up to date Linux servers?
I recently moved from Windows Server administration to Linux administration. In Windows I get used to practice that all critical and security updates are installed ASAP on their release. On Windows this can be done via few buttons with help of WSUS and SCCM.
When I moved to Linux I am very surprised that I see 3rd Senior Linux administrator who do not care about updates at all. When I tried to find some central point of checking if my system is secure or not, like WSUS and SCCM - I couldn't find it.
What are best practices of ensuring that my Linux system is up to date and secure? What about 3rd party software installed on this system? How can I check that it's also secure?
When I moved to Linux I am very surprised that I see 3rd Senior Linux administrator who do not care about updates at all. When I tried to find some central point of checking if my system is secure or not, like WSUS and SCCM - I couldn't find it.
What are best practices of ensuring that my Linux system is up to date and secure? What about 3rd party software installed on this system? How can I check that it's also secure?
first thing, make sure you familiar with the environment, application, functions, services.
once you have this, you will be in a better position when security related fixes are released to know whether that is relevant to your environment and scheduling downtime for update.
some things can be updated, without a need to reboot, minimizing downtime, to restart of the application.
the linux distribution will also ............ deal with handling updates.
once you have this, you will be in a better position when security related fixes are released to know whether that is relevant to your environment and scheduling downtime for update.
some things can be updated, without a need to reboot, minimizing downtime, to restart of the application.
the linux distribution will also ............ deal with handling updates.
ASKER
arnold, how do I get information when security bugs and updates for them are released? Just googling sound like not very professional solution.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
If you are running debian/ubuntu based distro's, first run apt-get update to update the data from the repositories, then apt-get upgrade to get and install the updates that are available. This also updates software, not just the OS itself, provided the software was also installed from the repositories using the package-manager, which is the way software should get installed.
If it is a CentOS based distro, then you update the system via yum update.
As long as your distro is based on stable, normal versions, this is safe and it should be done regularly. Only kernel updates need reboots. For the rest you may have to restart the service that got updated.
If it is a CentOS based distro, then you update the system via yum update.
As long as your distro is based on stable, normal versions, this is safe and it should be done regularly. Only kernel updates need reboots. For the rest you may have to restart the service that got updated.
okay, automatic updates can be done but it depends on your Linux version. e.g. for Ubuntu, unattended upgrade does the job. see below the details.
http://askubuntu.com/questions/9/how-do-i-enable-automatic-updates