Chapter 17. Keeping Up to Date

From the moment a Unix workstation or server is connected to the Internet, it is open to discovery and access by unwanted outsiders. Attackers find new Internet hosts with amazing speed. We know this from personal experience. In Summer 2002, one of the authors quietly set up a new Linux system on an unused IP address at his university, configured to accept only SSH connections. It was no more than 24 hours before the first failed SSH connection attempt was logged—and that was from a host in another country![1] Computers with DSL or cable Internet connections are especially targeted by automated attack tools because they are usually operated by people with little or no security knowledge.[2] It is thus imperative that any Unix system that will be on a network be kept up to date with security fixes—both before connecting it to the network and after.

In this chapter we will discuss how to securely update a Unix operating system and its applications, both during the initial setup of the host and after the host is in a production environment. We will also look at how to determine when the system and applications need to be updated.