UPDATING AND PATCHING UNIX AND OTHER OSs
Most desktop security incidents are centered around flaws in the operating system. As these flaws are discovered, vendors release patches to cover these security holes - by updating your operating system you ensure it has all the latest patches. While nearly all Unix/Linux OSes have some easy mechanism for doing this, so mechanism varies from distribution to distribution.
The most reliable method for ensuring you are running the latest version of networked clients is simply to subscribe to announce-lists for the programs and recompile or patch to the latest version when one is released. The number of lists you would be subscribed to can be significantly reduced by simply reducing the number of running services to a minimum (and installing/configuring a firewall). At a minimum, you should watch for updates to the kernel, inetd, or distribution specific services.
- For Linux systems, your distribution may have a command-line or even graphic software update tool (for example, up2date for Red Hat, apt-get for Debian, swaret for Slackware, or autoupdate for other RPM-based distributions). If nothing else, the makers of your distribution will keep a mailing list for notifying users of updates to the distribution. Check at your distribution's website for more specifics.
- For SunOS and Solaris systems, the patches are available at http://sunsolve.sun.com. We recommend you install the "Recommended and Security Bug Patches."
- For any other Unix systems, contact your operating system vendor for information.