version 15, including all changes.
.
Rev |
Author |
# |
Line |
8 |
JohnMcPherson |
1 |
This page has instructions for keeping your Linux computer up-to-date with security updates and patches. The mechanisms differ for each distribution. |
7 |
CraigBox |
2 |
|
14 |
CraigBox |
3 |
!![Ubuntu] |
|
|
4 |
|
|
|
5 |
On the desktop, you'll be notified if you need to install any patches. For the server, enable this line in /etc/apt/sources.list: |
|
|
6 |
|
|
|
7 |
<pre> |
|
|
8 |
deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted |
|
|
9 |
</pre> |
|
|
10 |
|
|
|
11 |
Then run <tt>apt-get update; apt-get dist-upgrade</tt> to update. |
7 |
CraigBox |
12 |
|
|
|
13 |
!![Fedora] |
|
|
14 |
|
|
|
15 |
Fedora comes with a utility called 'yum'. Red Hat provides a frontend to this called up2date (this used to be the Red Hat network front end). However, if you have a Fedora Core 1 install, up2date is broken as Red Hat signed packages with a key that has now expired. Run |
|
|
16 |
|
13 |
IanMcDonald |
17 |
<pre> |
7 |
CraigBox |
18 |
yum update |
13 |
IanMcDonald |
19 |
</pre> |
7 |
CraigBox |
20 |
|
|
|
21 |
to download all the package headers (slow the first time) and all the updates packages (also slow the first time.) |
11 |
IanMcDonald |
22 |
|
|
|
23 |
It is worth reading the [FAQ] at [Fedora FAQ|http://www.fedorafaq.org/] as this can make updates faster and give you some help. |
7 |
CraigBox |
24 |
|
12 |
PeterHewett |
25 |
!![Mandriva] |
7 |
CraigBox |
26 |
|
12 |
PeterHewett |
27 |
From the Mandriva Control Center, there is a GUI to check for and install updates. If you prefer the command line, [urpmi] is a powerful tool for keeping your system up to date. |
7 |
CraigBox |
28 |
|
14 |
CraigBox |
29 |
!! [Debian] |
7 |
CraigBox |
30 |
|
|
|
31 |
If you're running [Stable], add the following line to your AptSourcesList: |
|
|
32 |
|
13 |
IanMcDonald |
33 |
<pre> |
7 |
CraigBox |
34 |
deb http://security.debian.org stable/updates main contrib non-free |
13 |
IanMcDonald |
35 |
</pre> |
7 |
CraigBox |
36 |
|
13 |
IanMcDonald |
37 |
Then, every once in a while do an: |
|
|
38 |
<verbatim> |
15 |
IanMcDonald |
39 |
aptitude update |
|
|
40 |
aptitude dist-upgrade |
13 |
IanMcDonald |
41 |
</verbatim> |
7 |
CraigBox |
42 |
|
|
|
43 |
This will pull the latest security updates from Debian's server. Security packages are stable packages with only the fixes for security vulnerabilities applied. It's normally safe to install updates on a schedule with a script if you're using only security.debian.org - packages in security are very reliable. |
|
|
44 |
|
|
|
45 |
If you want to be kept informed about Debian security updates, check out http://lists.debian.org/debian-security-announce/. |
|
|
46 |
|
|
|
47 |
If you're running Testing, you're out of luck. Wait 10 days for the security-fixed-in-unstable patch to filter down to you. If you're running Unstable, security fixes should be quickly integrated into your regular flood of updates. |
|
|
48 |
|
9 |
AristotlePagaltzis |
49 |
!! [Gentoo] |
7 |
CraigBox |
50 |
|
13 |
IanMcDonald |
51 |
<pre> |
7 |
CraigBox |
52 |
emerge -U world |
13 |
IanMcDonald |
53 |
</pre> |
7 |
CraigBox |
54 |
|
10 |
SteveBrorens |
55 |
will update all packages - but these are functionality updates as well as security updates, so is generaly not advised. |
|
|
56 |
Instead, run "emerge --sync" then "glsa-check --fix all". You should also check gentoo.org for documentation on dispatch.conf. |
7 |
CraigBox |
57 |
|
|
|
58 |
!![Knoppix] |
|
|
59 |
|
|
|
60 |
[Knoppix] is designed to boot of a read-only media such as a [CDROM] and no security patches are issued. It's important to check that you're using a copy of the most recent version of [Knoppix] if you are using it for non-trivial tasks. |
|
|
61 |
|
|
|
62 |
----- |
|
|
63 |
CategoryBeginners |