mirror of
https://github.com/trimstray/the-practical-linux-hardening-guide.git
synced 2025-12-06 17:22:51 +01:00
2.3 KiB
2.3 KiB
Post install tasks
Keep system updated
ℹ️ Introduction
Software updates offer plenty of benefits. It’s all about revisions. These might include repairing security holes that have been discovered and fixing or removing bugs.
Some benefits:
- close up problems of security that has been discovered
- it can improve the stability of the system
- improvements the system stacks or network stacks
✴️ Make sure that the system is up to date
RedHat/CentOS
# Check for updates
yum check-update
# Install updates
yum update
# Install upgrades (with security updates)
yum --security upgrade
Policy
| Type | Severity | Reference | Comment |
|---|---|---|---|
| OpenSCAP | High | Ensure Software Patches Installed | |
| STIG | Medium | Vendor packaged system security patches and updates must be installed and up to date. | ID: V-71999 |
| CIS | ID: 1.2, 1.8 |
Debian
# Check for updates
apt-get update && apt-get upgrade
# Install updates
apt-get upgrade && apt-get dist-upgrade
✴️ Automatic security updates
RedHat/CentOS
yum install yum-cron
# Edit /etc/yum/yum-cron.conf
update_cmd = security
apply_updates = yes
# Enable service
systemctl enable yum-cron
systemctl start yum-cron
Debian
apt-get install unattended-upgrades apt-listchanges
# Edit /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
✳️ Useful resources
☑️ Summary checklist
| Item | True | False |
|---|---|---|
| Regulary update your system | 🔲 | 🔲 |
| Automatic check system updates | 🔲 | 🔲 |