Home
Main website
Display Sidebar
Hide Ads
Recent Changes
View Source:
KeepingLinuxSecure
Edit
PageHistory
Diff
Info
LikePages
This page has instructions for keeping your Linux computer up-to-date with security updates and patches. The mechanisms differ for each distribution. !![Ubuntu] On the desktop, you'll be notified if you need to install any patches. For the server, enable this line in /etc/apt/sources.list: <pre> deb-src http://security.ubuntu.com/ubuntu dapper-security main restricted </pre> Then run <tt>apt-get update; apt-get dist-upgrade</tt> to update. !![Fedora] Fedora comes with a utility called 'yum'. Red Hat provides a frontend to this called up2date (this used to be the Red Hat network front end). However, if you have a Fedora Core 1 install, up2date is broken as Red Hat signed packages with a key that has now expired. Run <pre> yum update </pre> to download all the package headers (slow the first time) and all the updates packages (also slow the first time.) It is worth reading the [FAQ] at [Fedora FAQ|http://www.fedorafaq.org/] as this can make updates faster and give you some help. !![Mandriva] From the Mandriva Control Center, there is a GUI to check for and install updates. If you prefer the command line, [urpmi] is a powerful tool for keeping your system up to date. !! [Debian] If you're running [Stable], add the following line to your AptSourcesList: <pre> deb http://security.debian.org stable/updates main contrib non-free </pre> Then, every once in a while do an: <verbatim> aptitude update aptitude dist-upgrade </verbatim> This will pull the latest security updates from Debian's server. Security packages are stable packages with only the fixes for security vulnerabilities applied. It's normally safe to install updates on a schedule with a script if you're using only security.debian.org - packages in security are very reliable. If you want to be kept informed about Debian security updates, check out http://lists.debian.org/debian-security-announce/. If you're running Testing, you're out of luck. Wait 10 days for the security-fixed-in-unstable patch to filter down to you. If you're running Unstable, security fixes should be quickly integrated into your regular flood of updates. !! [Gentoo] <pre> emerge -U world </pre> will update all packages - but these are functionality updates as well as security updates, so is generaly not advised. Instead, run "emerge --sync" then "glsa-check --fix all". You should also check gentoo.org for documentation on dispatch.conf. !![Knoppix] [Knoppix] is designed to boot of a read-only media such as a [CDROM] and no security patches are issued. It's important to check that you're using a copy of the most recent version of [Knoppix] if you are using it for non-trivial tasks. ----- CategoryBeginners
No page links to
KeepingLinuxSecure
.
