Securing Your Web Server - Keeping Up to Date (Page 4 of 4 )
Now that the server is locked down with a minimal set of accounts and services, it is important to patch everything to make sure that everything is up-to-date. There are several update managers for Linux; the Advanced Packaging Tool (APT) comes with Ubuntu.
Keeping up-to-date is critical to the security of a web server. It used to be that there was a lag of months (30–120 days) between when vulnerability was discovered and seeing it successfully exploited on a system. Today, that time has been reduced to hours instead of days.
APT
The sources for APT reside in its configuration file /etc/apt/sources.list. You can edit this file to include other repositories on the Internet.
To update the system, basically, it’s as simple as:
Get:3 http://us.archive.ubuntu.com edgy-updates Release.gpg [191B ] Ign http://us.archive.ubuntu.com edgy-updates/main Translation-en_US Ign http://us.archive.ubuntu.com edgy-updates/restricted Translation-en_US Get:4 http://us.archive.ubuntu.com edgy-backports Release.gpg [191B] Ign http://us.archive.ubuntu.com edgy-backports/main Translation-en_US Ign http://us.archive.ubuntu.com edgy-backports/restricted Translation-en_US Hit http://us.archive.ubuntu.com edgy Release Hit http://security.ubuntu.com edgy-security/main Packages Get:5 http://us.archive.ubuntu.com edgy-updates Release [23.3kB] Hit http://security.ubuntu.com edgy-security/restricted Packages Hit http://security.ubuntu.com edgy-security/main Sources Hit http://security.ubuntu.com edgy-security/restricted Sources Hit http://us.archive.ubuntu.com edgy-backports Release Hit http://us.archive.ubuntu.com edgy/main Packages Hit http://us.archive.ubuntu.com edgy/restricted Packages Hit http://us.archive.ubuntu.com edgy/main Sources Hit http://us.archive.ubuntu.com edgy/restricted Sources Get:6 http://us.archive.ubuntu.com edgy-updates/main Packages [53.8kB] Get:7 http://us.archive.ubuntu.com edgy-updates/restricted Packages [14B] Get:8 http://us.archive.ubuntu.com edgy-updates/main Sources [16.3kB] Get:9 http://us.archive.ubuntu.com edgy-updates/restricted Sources [14B] Hit http://us.archive.ubuntu.com edgy-backports/main Packages Hit http://us.archive.ubuntu.com edgy-backports/restricted Packages Hit http://us.archive.ubuntu.com edgy-backports/main Sources Hit http://us.archive.ubuntu.com edgy-backports/restricted Sources Fetched 93.6kB in 9s (9939B/s) Reading package lists... Done
APT keeps an inventory of what you have installed and cross-checks it against a cen tral repository on the Internet. If there is an update for a package, AP automatically goes out to the Internet and downloads it. Then you can control when the updates get applied using the Upgrade option.
After APT has retrieved any updates for your installed packages, you can apply the updates with:
apt-get upgrade
Please check back next week for the continuation of this article.
DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.
JavaScript 
Building a Secure Web Server
