Many compromised systems owe their inglorious compromised status to lack of appropriate maintenance. A few minutes spent checking for and installing software updates on a regular basis can save uncountable hours of work later, because updated software frequently includes fixes for security bugs. If you update buggy software quickly enough, would-be intruders will not be able to exploit security vulnerabilities.

The Importance of Server Updates

Software bugs can take many forms and have many different types of effects. Bugs can corrupt data, crash the affected program, or make the program behave in some odd way. Some bugs are security-related. They may allow a person to write arbitrary files in arbitrary locations (potentially overwriting critical configuration files), or give the abuser the ability to run programs under some other username. In sum, such bugs can compromise the system, giving a normal user superuser privileges.

Servers, like any other program, can be buggy. Buggy servers are particularly important because they're potentially more accessible than are buggy local programs. If a non-network program (say, man) contains a security-related bug, only local users can exploit the bug. Assuming your users are trustworthy, and assuming a cracker hasn't gained local access to your system, such a bug won't cause harm. (Of course, those assumptions aren't always valid, so fixing such bugs is important.) Many servers, by contrast, are accessible to the world at large. If a flaw in a Web server allows any user to take control of the computer, then that Web server is vulnerable to attack from just about anybody. Thus, security bugs in servers are particularly critical, and it's vital you protect yourself against them.

The problem is exacerbated by the fact that many servers run as root. If a program (server or nonserver) that runs as an ordinary user is compromised, chances are little damage can be done with it.
For instance, such a program can't ordinarily rewrite your /etc/passwd file. If a program that runs as root is compromised, though, the attacker has much greater power; if such a program can be made to write arbitrary files, changing /etc/passwd is very possible. Many servers need root privileges to function correctly. For instance, root access is needed to provide login services, or even to listen to the first 1024 ports, on which most servers run. (A super server runs as root, but can spawn a server that runs as another user, even when it serves a sub-1024 port.)

For all of these reasons, it's critical that you keep your servers up to date. You don't necessarily need to perform every server update, because many server updates exist to add features or fix nonsecurity bugs that might not affect you. You should upgrade whenever an update emerges that fixes a security bug, though.

How to Monitor for Updated Software

There are several ways to look for updated software packages:
In most cases, some combination of the last two approaches is a good way to keep an eye on security developments. Reading your servers' Web sites can also be important, particularly if you're using unusual servers that aren't officially supported by your distribution. A quick check of two or three Web pages or newsgroups once a day can save untold hours of work recovering from a break-in. Even a once-a-week check is better than nothing, and a periodic comparison of installed packages against the latest versions available can help catch updates that might have slipped through the cracks, as it were.

Automatic Software Update Procedures

Unfortunately, manually checking for software updates can be tedious at best. For this reason, there are several tools available to help automate the process. These include the following:
Automatic security updates are desirable in many ways, because they can help protect you against security breaches. They aren't without their drawbacks, though. By giving an automatic process control of your computer, you're entrusting it with a huge responsibility. Automatic updates can and do fail in various ways. For instance, an updated package might include a new bug or an incompatibility with another important package (especially if you've mixed packages from your distribution with others you build yourself or install from tarballs). It's also conceivable that a cracker could break into the automatic update site or a DNS server in order to deliver modified packages.

Because Debian packages sometimes include installation scripts that require human interaction, you shouldn't run apt-get in a cron job or other automated procedure; you should run it manually, even if you plan to do so on a regular basis. (Using apt-get -s -u upgrade in a cron job should be safe, though.) These tools don't always differentiate between security updates and others that are less critical, but which might cause problems for your system.

On the whole, automated software updates can be quick and convenient, but I recommend using them only in a strictly supervised manner. Ideally, you should be able to authorize individual upgrades so as to head off problems due to an overzealous update agent. This is an area of active development, so it's likely that these tools will become more sophisticated and helpful in the future.
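
A report-only check built around the apt-get -s -u upgrade suggestion above, added here as an example and not taken from the original text. It parses the Inst lines of the simulation and lists pending upgrades with security-archive ones first, so that a person can authorize each upgrade. The sample output, the package names, and the rule that an origin containing "security" marks a security update are assumptions.

```shell
#!/bin/sh
# Added example: report-only update check suitable for cron.
# It never installs anything; it only reads simulated-upgrade output.

# Constructed sample of `apt-get -s -u upgrade` output (package names and
# versions are made up). On a real Debian system, replace calls to this
# function with: apt-get -s -u upgrade
sample_simulation() {
cat <<'EOF'
Reading package lists...
Building dependency tree...
The following packages will be upgraded:
  examplehttpd exampletool libexample1
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libexample1 [1.0-1] (1.0-1+deb11u1 Debian-Security:11/stable-security [amd64])
Inst examplehttpd [2.4.1-1] (2.4.1-1+deb11u2 Debian:11.7/stable, Debian-Security:11/stable-security [amd64])
Inst exampletool [0.9-2] (0.9-3 Debian:11.7/stable [all])
Conf libexample1 (1.0-1+deb11u1 Debian-Security:11/stable-security [amd64])
Conf examplehttpd (2.4.1-1+deb11u2 Debian:11.7/stable, Debian-Security:11/stable-security [amd64])
Conf exampletool (0.9-3 Debian:11.7/stable [all])
EOF
}

# Read simulation output on stdin; print "class package old new" per upgrade,
# security class first. Assumption: an archive whose origin or suite name
# contains "security" carries security fixes (a heuristic, not an apt guarantee).
classify_upgrades() {
    awk '
    $1 == "Inst" {
        old = "-"                                  # stays "-" for new installs
        if ($3 ~ /^\[/) { old = $3; gsub(/\[|\]/, "", old) }
        if (!match($0, /\([^)]*\)/)) next          # no "(version origin)" part
        inner = substr($0, RSTART + 1, RLENGTH - 2)
        split(inner, f, " ")                       # f[1] is the candidate version
        class = (tolower(inner) ~ /security/) ? "security" : "other"
        print class, $2, old, f[1]
    }' | sort -k1,1r -k2,2
}

# Names of packages with a pending security update, one per line.
security_packages() {
    classify_upgrades | awk '$1 == "security" { print $2 }'
}

sample_simulation | classify_upgrades
```

Run from cron, the output can be mailed to the administrator, who then runs the actual upgrade by hand.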