Keeping Servers Upto Date

If you must run a server, try to run the latest version of it. Sometimes (but not always) server updates fix security bugs. For this reason, running old versions of a server can be risky—the old version may be susceptible to attack. In theory, you should be able to check the change logs (summaries of changes made to programs) to ascertain whether an old version you're running is a security risk. For updates that don't cross major version boundaries, though, it's usually much simpler to use your distribution's package system to update to a more recent version.

Warning Package management systems sometimes replace server configuration files when you upgrade the package. Therefore, I recommend backing up the configuration files prior to performing such an upgrade. For that matter, keeping a backup of the entire /etc directory tree is a useful precaution.

Chapter 11, "Managing Packages," includes information on using package management tools to help keep your system up to date. Automated or semi-automated tools, such as Debian's Advanced Package Tool (APT) and Red Hat's Update Agent, can be very helpful in this process, as well. The "Keeping Software Up-to-Date" section of Chapter 18 includes additional pointers to resources for helping in this endeavor.

0 0

Post a comment