ML
    • Register
    • Login
    • Search
    • Recent
    • Categories
    • Tags
    • Popular
    • Users
    • Groups

    Best practice security updates linux servers?

    IT Discussion
    linux servers security updates
    10
    30
    615
    Loading More Posts
    • Oldest to Newest
    • Newest to Oldest
    • Most Votes
    Reply
    • Reply as topic
    Log in to reply
    This topic has been deleted. Only users with topic management privileges can see it.
    • travisdh1
      travisdh1 @JaredBusch last edited by

      @JaredBusch said in Best practice security updates linux servers?:

      @Pete-S said in Best practice security updates linux servers?:

      What is best practice when it comes to security updates on linux servers?

      How should it be handled?

      A lot of desktop systems are applying updates automatically but they are not mission critical either.

      I use yum-cron on RHEL 7/CentOS 7
      I use dnf-automatic on Fedora

      I only have a couple of Debian based servers and I keep being lazy about setting something there.

      This is the package for it on Debian
      https://wiki.debian.org/UnattendedUpgrades

      What @JaredBusch said. My first thing to setup/configure when making a new base image is the automatic update, dnf-automatic, yum-cron, or Unattended-Upgrades as the case may be.

      Since I just did a new Debain and Ubuntu base this past weekend, for those it's
      apt install -y unattended-upgrades && systemctl enable --now unattended-upgrades

      Those all handle security updates, which should always be up to date.

      1 Reply Last reply Reply Quote 2
      • JaredBusch
        JaredBusch @Pete.S last edited by

        @Pete-S said in Best practice security updates linux servers?:

        @JaredBusch said in Best practice security updates linux servers?:

        @Pete-S said in Best practice security updates linux servers?:

        What is best practice when it comes to security updates on linux servers?

        How should it be handled?

        A lot of desktop systems are applying updates automatically but they are not mission critical either.

        I use yum-cron on RHEL 7/CentOS 7
        I use dnf-automatic on Fedora

        I only have a couple of Debian based servers and I keep being lazy about setting something there.

        This is the package for it on Debian
        https://wiki.debian.org/UnattendedUpgrades

        So do you both download and apply them automatically?
        Security updates only or everything?

        Download and apply, everything

        But this is a low risk IMO as each VM is a single task.

        Not like updating very package ever on a server.

        1 Reply Last reply Reply Quote 4
        • Danp
          Danp last edited by

          Here's a prior discussion on setting up Unattended Upgrades --

          https://www.mangolassi.it/topic/19272/how-to-configure-automatic-updates-on-ubuntu-18-04-lts

          1 Reply Last reply Reply Quote 4
          • scottalanmiller
            scottalanmiller @Pete.S last edited by

            @Pete-S said in Best practice security updates linux servers?:

            A lot of desktop systems are applying updates automatically but they are not mission critical either.

            The more mission critical, the more you want automated updates!

            If you are big enough to have patch testing, then that's great and you should do that (if it makes financial sense.) But you have to be really, really big before it's financially viable as you basically need a full time staff, loads of compute resources, and a team that's doing that constantly and makes decisions lightning quick.

            1 Reply Last reply Reply Quote 3
            • scottalanmiller
              scottalanmiller @Pete.S last edited by

              @Pete-S said in Best practice security updates linux servers?:

              So do you both download and apply them automatically?
              Security updates only or everything?

              Security absolutely for sure. But often, everything. I always do security automatically. The other/rest is more situation by situation, but it's rare that I want (or a customer wants) to pay for updates when they could be automatic and faster.

              1 Reply Last reply Reply Quote 1
              • scottalanmiller
                scottalanmiller last edited by

                Literally was doing this today for a F100 customer 🙂

                V 1 Reply Last reply Reply Quote 0
                • V
                  VoIP_n00b @scottalanmiller last edited by

                  @scottalanmiller Who?

                  scottalanmiller 1 Reply Last reply Reply Quote -2
                  • scottalanmiller
                    scottalanmiller @VoIP_n00b last edited by

                    @VoIP_n00b said in Best practice security updates linux servers?:

                    @scottalanmiller Who?

                    Naming customers in public is not something people do in IT. Nor is in considered okay to ask.

                    Dashrender 1 Reply Last reply Reply Quote 4
                    • M
                      marcinozga last edited by

                      This whole approach of not doing updates on mission critical system is nonsensical. Admins need to grow a set and setup automatic updates on everything by default. If stuff breaks when you update it, that's on software vendor, period.

                      Dashrender 1 Reply Last reply Reply Quote 2
                      • Dashrender
                        Dashrender @scottalanmiller last edited by

                        @scottalanmiller said in Best practice security updates linux servers?:

                        @VoIP_n00b said in Best practice security updates linux servers?:

                        @scottalanmiller Who?

                        Naming customers in public is not something people do in IT. Nor is in considered okay to ask.

                        I can't remember where you fall on the asking about salary thing?

                        dbeato scottalanmiller 2 Replies Last reply Reply Quote 0
                        • Dashrender
                          Dashrender @marcinozga last edited by

                          @marcinozga said in Best practice security updates linux servers?:

                          This whole approach of not doing updates on mission critical system is nonsensical. Admins need to grow a set and setup automatic updates on everything by default. If stuff breaks when you update it, that's on software vendor, period.

                          LOL - sure of course, we'd love this to be true... it may be on the software vendor, but it's still on you as the one who has to support it for the company.

                          scottalanmiller 1 Reply Last reply Reply Quote 1
                          • dbeato
                            dbeato @Dashrender last edited by

                            @Dashrender I believe @scottalanmiller said that it is okay to share what salary you earn.

                            1 Reply Last reply Reply Quote 1
                            • scottalanmiller
                              scottalanmiller @Dashrender last edited by

                              @Dashrender said in Best practice security updates linux servers?:

                              @scottalanmiller said in Best practice security updates linux servers?:

                              @VoIP_n00b said in Best practice security updates linux servers?:

                              @scottalanmiller Who?

                              Naming customers in public is not something people do in IT. Nor is in considered okay to ask.

                              I can't remember where you fall on the asking about salary thing?

                              Salary is a personal matter. You should always be allowed to disclose details about yourself.

                              V 1 Reply Last reply Reply Quote 0
                              • scottalanmiller
                                scottalanmiller @Dashrender last edited by

                                @Dashrender said in Best practice security updates linux servers?:

                                @marcinozga said in Best practice security updates linux servers?:

                                This whole approach of not doing updates on mission critical system is nonsensical. Admins need to grow a set and setup automatic updates on everything by default. If stuff breaks when you update it, that's on software vendor, period.

                                LOL - sure of course, we'd love this to be true... it may be on the software vendor, but it's still on you as the one who has to support it for the company.

                                Only if you chose it, and if you chose a vendor that doesn't have working software, that's something to ponder.

                                1 Reply Last reply Reply Quote 0
                                • V
                                  VoIP_n00b @scottalanmiller last edited by

                                  @scottalanmiller said in Best practice security updates linux servers?:

                                  Salary is a personal matter. You should always be allowed to disclose details about yourself.

                                  Youtube Video

                                  scottalanmiller 1 Reply Last reply Reply Quote 2
                                  • scottalanmiller
                                    scottalanmiller @VoIP_n00b last edited by

                                    @VoIP_n00b said in Best practice security updates linux servers?:

                                    @scottalanmiller said in Best practice security updates linux servers?:

                                    Salary is a personal matter. You should always be allowed to disclose details about yourself.

                                    Exactly, I've actually seen that before. But it's well known in the industry, too. In high end positions, people discuss their salaries all of the time.

                                    It's not just within a single company. The entire IT industry does this. IT pros are constantly hiding their salaries, or worse, claiming that those that make better salaries than them are lying or anomalies. You see it here on ML a lot. People feel badly that they've negotiated so low and resent people finding out, but people with decent salaries often share, and get attacked for showing what can be earned.

                                    There's so much pressure to shame people into hiding their salaries and IT pros tend to be very susceptible to that kind of pressure that we have an industry earning so much less than it should.

                                    Dashrender 1 Reply Last reply Reply Quote 0
                                    • Dashrender
                                      Dashrender @scottalanmiller last edited by

                                      @scottalanmiller said in Best practice security updates linux servers?:

                                      @VoIP_n00b said in Best practice security updates linux servers?:

                                      @scottalanmiller said in Best practice security updates linux servers?:

                                      Salary is a personal matter. You should always be allowed to disclose details about yourself.

                                      Exactly, I've actually seen that before. But it's well known in the industry, too. In high end positions, people discuss their salaries all of the time.

                                      It's not just within a single company. The entire IT industry does this. IT pros are constantly hiding their salaries, or worse, claiming that those that make better salaries than them are lying or anomalies. You see it here on ML a lot. People feel badly that they've negotiated so low and resent people finding out, but people with decent salaries often share, and get attacked for showing what can be earned.

                                      There's so much pressure to shame people into hiding their salaries and IT pros tend to be very susceptible to that kind of pressure that we have an industry earning so much less than it should.

                                      What industries don't you find this in?

                                      scottalanmiller 1 Reply Last reply Reply Quote 0
                                      • scottalanmiller
                                        scottalanmiller @Dashrender last edited by

                                        @Dashrender said in Best practice security updates linux servers?:

                                        What industries don't you find this in?

                                        Well my exposure is less. But what I've seen everything from medical to manufacturing to finance to business to retail people share wages much more freely.

                                        DustinB3403 1 Reply Last reply Reply Quote 0
                                        • DustinB3403
                                          DustinB3403 @scottalanmiller last edited by

                                          @scottalanmiller said in Best practice security updates linux servers?:

                                          @Dashrender said in Best practice security updates linux servers?:

                                          What industries don't you find this in?

                                          Well my exposure is less. But what I've seen everything from medical to manufacturing to finance to business to retail people share wages much more freely.

                                          I've always assumed that keeping salary private was the norm as I've never really seen or heard anyone discuss it before. I'm sure it happens from time to time, but I think people want their income kept private.

                                          scottalanmiller 1 Reply Last reply Reply Quote 0
                                          • scottalanmiller
                                            scottalanmiller @DustinB3403 last edited by

                                            @DustinB3403 said in Best practice security updates linux servers?:

                                            @scottalanmiller said in Best practice security updates linux servers?:

                                            @Dashrender said in Best practice security updates linux servers?:

                                            What industries don't you find this in?

                                            Well my exposure is less. But what I've seen everything from medical to manufacturing to finance to business to retail people share wages much more freely.

                                            I've always assumed that keeping salary private was the norm as I've never really seen or heard anyone discuss it before. I'm sure it happens from time to time, but I think people want their income kept private.

                                            That's what businesses want you to think.

                                            1 Reply Last reply Reply Quote 1
                                            • First post
                                              Last post