Securing Your Web Server - Keeping Up to Date

(Page 4 of 4 )

Now that the server is locked down with a minimal set of accounts and services, it is important to patch everything to make sure that everything is up-to-date. There are several update managers for Linux; the Advanced Packaging Tool (APT) comes with Ubuntu.

Keeping up-to-date is critical to the security of a web server. It used to be that there was a lag of months (30–120 days) between when vulnerability was discovered and seeing it successfully exploited on a system. Today, that time has been reduced to hours instead of days.

APT

The sources for APT reside in its configuration file /etc/apt/sources.list. You can edit this file to include other repositories on the Internet.

To update the system, basically, it’s as simple as:

  apt-get update

  Ign cdrom://Ubuntu-Server 6.10 _Edgy Eft_ - Release i386 (20061025.1) edgy/main
  Translation-en_US
  Ign cdrom://Ubuntu-Server 6.10 _Edgy Eft_ -Release i386 (20061025.1) edgy/restricted
  Translation-en_US
  Get:1 http://us.archive.ubuntu.com edgy Release.gpg [191B]
  Ign http://us.archive.ubuntu.com edgy/main Translation-en_US
  Get:2 http://security.ubuntu.com edgy-security Release.gpg [191B]
  Ign http://security.ubuntu.com edgy-security/main Translation-en_US
  Ign http://us.archive.ubuntu.com edgy/restricted Translation-en_US
  Ign http://security.ubuntu.com edgy-security/restricted Translation-en_US
  Hit http://security.ubuntu.com edgy-security Release

  Get:3 http://us.archive.ubuntu.com edgy-updates Release.gpg [191B ]
  Ign http://us.archive.ubuntu.com edgy-updates/main Translation-en_US
  Ign http://us.archive.ubuntu.com edgy-updates/restricted Translation-en_US
  Get:4 http://us.archive.ubuntu.com edgy-backports Release.gpg [191B]
  Ign http://us.archive.ubuntu.com edgy-backports/main Translation-en_US
  Ign http://us.archive.ubuntu.com edgy-backports/restricted Translation-en_US
  Hit http://us.archive.ubuntu.com edgy Release
  Hit http://security.ubuntu.com edgy-security/main Packages
  Get:5 http://us.archive.ubuntu.com edgy-updates Release [23.3kB]
  Hit http://security.ubuntu.com edgy-security/restricted Packages
  Hit http://security.ubuntu.com edgy-security/main Sources
  Hit http://security.ubuntu.com edgy-security/restricted Sources
  Hit http://us.archive.ubuntu.com edgy-backports Release
  Hit http://us.archive.ubuntu.com edgy/main Packages
  Hit http://us.archive.ubuntu.com edgy/restricted Packages
  Hit http://us.archive.ubuntu.com edgy/main Sources
  Hit http://us.archive.ubuntu.com edgy/restricted Sources
  Get:6 http://us.archive.ubuntu.com edgy-updates/main Packages [53.8kB]
  Get:7 http://us.archive.ubuntu.com edgy-updates/restricted Packages [14B]
  Get:8 http://us.archive.ubuntu.com edgy-updates/main Sources [16.3kB]
  Get:9 http://us.archive.ubuntu.com edgy-updates/restricted Sources [14B]
  Hit http://us.archive.ubuntu.com edgy-backports/main Packages
  Hit http://us.archive.ubuntu.com edgy-backports/restricted Packages
  Hit http://us.archive.ubuntu.com edgy-backports/main Sources
  Hit http://us.archive.ubuntu.com edgy-backports/restricted Sources
  Fetched 93.6kB in 9s (9939B/s)
  Reading package lists... Done

APT keeps an inventory of what you have installed and cross-checks it against a cen tral repository on the Internet. If there is an update for a package, AP automatically goes out to the Internet and downloads it. Then you can control when the updates get applied using the Upgrade option.

After APT has retrieved any updates for your installed packages, you can apply the updates with:

  apt-get upgrade

Please check back next week for the continuation of this article.

DISCLAIMER: The content provided in this article is not warranted or guaranteed by Developer Shed, Inc. The content provided is intended for entertainment and/or educational purposes in order to introduce to the reader key ideas, concepts, and/or product reviews. As such it is incumbent upon the reader to employ real-world tactics for security and implementation of best practices. We are not liable for any negative consequences that may result from implementing any information covered in our articles or tutorials. If this is a hardware review, it is not recommended to open and/or modify your hardware.

Comments On: Securing Your Web Server

· This article is an excerpt from the book "Securing Ajax Applications: Ensuring the...   >>> Post your comment now!

Buy this book...

This article is excerpted from chapter four of Securing Ajax Applications: Ensuring the Safety of the Dynamic Web, written by Christopher Wells (O'Reilly, 2007; ISBN: 0596529317). Check it out today at your favorite bookstore. Buy this book now.