CSEC_PUBLIC/the-practical-linux-hardening-guide
1
0
Fork 0
mirror of https://github.com/trimstray/the-practical-linux-hardening-guide.git synced 2025-12-06 09:12:46 +01:00
Code Issues Packages Projects Releases Wiki Activity
Files
075c6f9a1bba5aa0c2acc032982c043482996d55
the-practical-linux-hardeni…/lib/post_install_tasks/keep_system_updated.md
trimstray 58a65e659a updated TOC; minor updates 
- signed-off-by: trimstray <trimstray@gmail.com>
2019-02-20 13:57:28 +01:00

2.3 KiB
Raw Blame History

Post install tasks

Keep system updated

Introduction

Software updates offer plenty of benefits. Its all about revisions. These might include repairing security holes that have been discovered and fixing or removing bugs.

Some benefits:

  • close up problems of security that has been discovered
  • it can improve the stability of the system
  • improvements the system stacks or network stacks

✴️ Make sure that the system is up to date

RedHat/CentOS
# Check for updates
yum check-update

# Install updates
yum update

# Install upgrades (with security updates)
yum --security upgrade
Policy
Type Severity Reference Comment
OpenSCAP High Ensure Software Patches Installed
STIG Medium Vendor packaged system security patches and updates must be installed and up to date. ID: V-71999
CIS ID: 1.2, 1.8
Debian
# Check for updates
apt-get update && apt-get upgrade

# Install updates
apt-get upgrade && apt-get dist-upgrade

✴️ Automatic security updates

RedHat/CentOS
yum install yum-cron

# Edit /etc/yum/yum-cron.conf
update_cmd = security
apply_updates = yes

# Enable service
systemctl enable yum-cron
systemctl start yum-cron
Debian
apt-get install unattended-upgrades apt-listchanges

# Edit /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

✳️ Useful resources

☑️ Summary checklist

Item True False
Regulary update your system 🔲 🔲
Automatic check system updates 🔲 🔲
Reference in New Issue View Git Blame Copy Permalink