
54. Thoughts about the need for, and procedures for, patching your Linux distribution

All users should apply patches to their respective Linux installation:

1. when the machine is first installed

2. at least every week after that, to stay on top of the newest bug and security fixes

To find out what the current security issues with Linux are, check out the Security URLs in Section 5.

--- --- ---

NOTE: This is where Redhat RPMs and Debian upgrade files really shine and blow away Slackware .PKG files!

NOTE #2: Be careful of where you download your newer versions of source code, RPMs, etc. Recently, ftp://win.tue.nl was hacked and the hackers put trojan'ed versions of TCP-wrappers and Linux-utils on their site. Because of this, many users' passwords were sent to the hacker's email address, etc. Not good.

In the future, I will cover how to verify the package's authenticity with PGP.

Redhat users: Depending on when you purchased your CD, your CD might already have these RPMs installed, so if it says the RPM is already installed, just skip it.

*************************
** Be cautious with RPMs **

Before you blindly start installing new patch RPMs or even new software in RPM form, you really should (quickly) inspect the RPM archive to make sure it looks ok. For example, let's say you are going to install a new Sendmail RPM:

First, download the new Sendmail RPM file and put it in some location for future reference. I personally put all files in /usr/src/archive as described in the top of Section 5.

Now show the RPM creator's notes:


                                rpm -qip sendmail-*.i386.rpm 

Show the RPM's file contents:


                                rpm -qlp sendmail-*.i386.rpm | more

- Next, if you already have an older Sendmail RPM installed, make sure that the new RPMs won't clobber your old configuration files:


                                rpm -Uv --test sendmail-*.i386.rpm 

For even more info (I'd recommend it), do:


                                rpm -Uvv --test sendmail-*.i386.rpm 

- With a little cautious looking, you'll know what will happen if you install this new RPM. Ok?

If the new Sendmail installation is going to copy over your original files, the RPM will -usually- make a backup of your configuration files and add a ".rpmsave" suffix to their names.
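The inspection steps above can be collected into one script. This is an added example, not part of the original document: the function names and the RPM_CMD variable are assumptions of this sketch, and the "rpm -K" (checksig) and "rpm -qp --scripts" steps are additions to the commands listed above.

```shell
#!/bin/sh
# Added example: pre-install review of one RPM file.
# RPM_CMD is an assumption of this sketch so the tool can be swapped out.
RPM_CMD=${RPM_CMD:-rpm}

# Read package file paths on stdin (as printed by "rpm -qlp") and print
# the ones that already exist below ROOT: files an upgrade would replace.
existing_files() {
    root=${1:-/}
    while IFS= read -r path; do
        case $path in /*) ;; *) continue ;; esac   # skip non-path lines
        [ -f "${root%/}$path" ] && printf '%s\n' "$path"
    done
    return 0
}

# Run the inspection steps for one package. Returns non-zero as soon as
# the digest/signature check, a query or the dry run fails.
review_rpm() {
    pkg=$1
    [ -r "$pkg" ] || { echo "cannot read $pkg" >&2; return 2; }
    # Digest and signature check. A signature only verifies if the
    # packager's public key has been imported beforehand.
    "$RPM_CMD" -K "$pkg"            || return 1
    "$RPM_CMD" -qip "$pkg"          || return 1   # creator's notes
    # Scripts that run as root at install time: read them before installing.
    "$RPM_CMD" -qp --scripts "$pkg" || return 1
    echo "== files in this package that already exist on this system =="
    "$RPM_CMD" -qlp "$pkg" | existing_files /
    "$RPM_CMD" -Uv --test "$pkg"    || return 1   # dry run, installs nothing
}

# Usage: review_rpm sendmail-<version>.i386.rpm
```

Nothing is installed by this script; run the real "rpm -Uvh" yourself only after reading its output.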

*** ******************************

Redhat users #2: I have noticed that the "rpm" program will crash (coredump) about 60% of the way through a wildcard (*.rpm) RPM upgrade process. You should be able to safely figure out what patches it failed to install and do them manually or by doing the following:

Say that the RPM program died while patching packages whose names start with the letter Q. Then do this to install all patches from Q to Z:


                                        rpm -Uvh [q-zQ-Z]*.rpm

************************
** Patching your Redhat system **

Now, to find out if any new RPM files exist for Redhat, go to http://www.redhat.com/support/docs/errata.html and then look at the date in the upper right-hand corner. If this date is NEWER than the 00readme.errata file, then there are newer RPMs.

Their documentation system really SUCKS in that, even though there might be a NEWER RPM for Glibc, they merely update the DATE in the previous Glibc errata entry. Lame, eh? So, you will have to page through the different errata listings to find what newer-date entries have been added.

*** ******************************

