One thing I’m always telling others is to make sure they’ve got their bases covered. Security patches aren’t designed to break your software, after all; their developers designed them to protect your machine. Even so, problems can arise after a reboot. If a particular patch does break an application, it could be for a variety of reasons, ranging from poorly written software to out-dated standards that fall out of support in the newer software versions you are installing.
You should definitely do the following…
- Even if there are 25 or 50 patches needed, be informed of what’s being done to your machine.
- Focus on your machine’s core services, and understand how they may be affected by the new patches.
- Coordinate the change with those involved with the system you’re patching.
- Check your backups and make sure they are available.
- Make sure you have the right resources available in case you need help.
- Test the patches on non-critical machines, especially if they’re similar to the production boxes you’re scheduled to patch.
- Reboot the machine, if possible, since startup processes may have changed during the update.
- …and finally, confirm that everything works the way it should after you’re done.
When I used to install car alarms long ago, most of our customers at the alarm shop weren’t there because they were being proactive. They were there at the shop because they were the victims of an intrusion and decided to get an alarm after the fact. The same goes with keeping your machines patched and well protected. From a security standpoint, patching is a basic procedure that can keep your machines safe, even if you think you’re in the safest network around. Just remember, though, that even as no process is perfect, no network is perfect either. If someone should get past your firewalls, intrusion detection systems and the DMZ, at least you know that you’ve done your job and added an extra line of defense for your Linux machines.
Links for Bug/Security Updates/Support
Linux Distributions :
Red Hat - https://www.redhat.com/security/updates/
Novell SuSE - http://support.novell.com/patches.html
openSuSE - http://en.opensuse.org/SDB :SDB
Ubuntu - http://www.ubuntu.com/support
Security Organizations :
SANS Top 20 - https://www2.sans.org/top20/
Secunia - http://secunia.com
United States Computer Emergency Readiness Team - www.us-cert.gov