Solved

What are best practices for keeping up to date Linux servers?

Posted on 2016-08-16
5
114 Views
1 Endorsement
Last Modified: 2016-08-16
I recently moved from Windows Server administration to Linux administration. In Windows I get used to practice that all critical and security updates are installed ASAP on their release. On Windows this can be done via few buttons with help of WSUS and SCCM.

When I moved to Linux I am very surprised that I see 3rd Senior Linux administrator who do not care about updates at all. When I tried to find some central point of checking if my system is secure or not, like WSUS and SCCM - I couldn't find it.

What are best practices of ensuring that my Linux system is up to date and secure? What about 3rd party software installed on this system? How can I check that it's also secure?
1
Comment
Question by:Taras Shumylo
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
5 Comments
 
LVL 37

Expert Comment

by:bbao
ID: 41757776
the most easy solution is, go back to the beloved Windows world. i am kidding. :))

okay, automatic updates can be done but it depends on your Linux version. e.g. for Ubuntu, unattended upgrade does the job. see below the details.

http://askubuntu.com/questions/9/how-do-i-enable-automatic-updates
0
 
LVL 78

Expert Comment

by:arnold
ID: 41757842
first thing, make sure you familiar with the environment, application, functions, services.
once you have this, you will be in a better position when security related fixes are released to know whether that is relevant to your environment and scheduling downtime for update.

some things can be updated, without a need to reboot, minimizing downtime, to restart of the application.

the linux distribution will also ............ deal with handling updates.
0
 

Author Comment

by:Taras Shumylo
ID: 41757848
arnold, how do I get information when security bugs and updates for them are released? Just googling sound like not very professional solution.
0
 
LVL 78

Accepted Solution

by:
arnold earned 500 total points
ID: 41757874
The Linux distro in use has their own notification. cert.org,  and other lists/organizations in your area.

building your knowledge on the environment, should be the first step compared to signing up to lists for notifications....
Knowing what you have, you can fine tune and signup for relevant notification versus oversubscriubing and effectively ignoring all.
1
 
LVL 88

Expert Comment

by:rindi
ID: 41757913
If you are running debian/ubuntu based distro's, first run apt-get update to update the data from the repositories, then apt-get upgrade to get and install the updates that are available. This also updates software, not just the OS itself, provided the software was also installed from the repositories using the package-manager, which is the way software should get installed.

If it is a CentOS based distro, then you update the system via yum update.

As long as your distro is based on stable, normal versions, this is safe and it should be done regularly. Only kernel updates need reboots. For the rest you may have to restart the service that got updated.
0

Featured Post

Surfing Is Meant To Be Done Outdoors

Featuring its rugged IP67 compliant exterior and delivering broad, fast, and reliable Wi-Fi coverage, the AP322 is the ideal solution for the outdoors. Manage this AP with either a Firebox as a gateway controller, or with the Wi-Fi Cloud for an expanded set of management features

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
Active Directory security has been a hot topic of late, and for good reason. With 90% of the world’s organization using this system to manage access to all parts of their IT infrastructure, knowing how to protect against threats and keep vulnerabil…
Sending a Secure fax is easy with eFax Corporate (http://www.enterprise.efax.com). First, Just open a new email message.  In the To field, type your recipient's fax number @efaxsend.com. You can even send a secure international fax — just include t…
This demo shows you how to set up the containerized NetScaler CPX with NetScaler Management and Analytics System in a non-routable Mesos/Marathon environment for use with Micro-Services applications.

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question