Patching Linux
Ongoing patching is perhaps the best thing you can do to enhance and maintain the security of your Linux systems. Regardless of the Linux distribution you use, using a tool to assist in your patching efforts makes your job a lot easier.
Distribution updates
The process for distributing updates is different on every distribution of Linux. You can use the following tools, based on your specific distribution:
Red Hat: The following tools update Red Hat Linux systems:
- RPM Package Manager, which is the GUI-based application that runs in the Red Hat GUI desktop. It manages files with an .rpm extension that Red Hat and other freeware and open source developers use to package their programs. RPM Package Manager was originally a Red Hat-centric system but is now available on many versions of Linux.
- up2date, a command-line, text-based tool that’s included in Red Hat, Fedora, and CentOS.
Debian: You can use the Debian package management system (dpkg) included with the operating system to update Debian Linux systems.
Slackware: You can use the Slackware Package Tool (pkgtool) included with the operating system to update Slackware Linux systems.
SUSE: SUSE Linux includes YaST2 software management.
Multi-platform update managers
Commercial tools have additional features, such as correlating patches with vulnerabilities and automatically deploying appropriate patches. Commercial tools that can help with Linux patch management include ManageEngine (www.manageengine.com/products/desktop-central/linux-management.html), GFI LanGuard (www.gfi.com/products-and-solutions/network-security-solutions/gfi-languard/specifications/patch-management-for-operating-systems), and Dell KACE Systems Management Appliance (http://software.dell.com/products/kace-k1000-systems-management-appliance/patch-management-security.aspx).
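To show what correlating patches with vulnerabilities involves, the following added example (not taken from any of the products above) compares an installed-package inventory against the first fixed version listed in an advisory feed. The inventory, the advisory entries, the EXAMPLE-nnnn identifiers and all function names are constructed for illustration, and the version comparison is a simplified epoch/version/release ordering that ignores special characters such as ~.

```python
import re

# Constructed inventory in "name version-release" form, as printed by
# rpm -qa --qf '%{NAME} %{VERSION}-%{RELEASE}\n' or
# dpkg-query -W -f='${Package} ${Version}\n'
INVENTORY = """\
openssl 1.0.2k-19
bash 4.4.19-10
bind 32:9.11.4-9
"""

# Constructed advisory feed: package -> (first fixed version, placeholder ID).
ADVISORIES = {
    "openssl": ("1.0.2k-21", "EXAMPLE-0001"),
    "bash": ("4.4.19-7", "EXAMPLE-0002"),
    "bind": ("32:9.11.4-16", "EXAMPLE-0004"),
    "sudo": ("1.8.23-4", "EXAMPLE-0005"),   # not installed, so never reported
}

def split_evr(evr):
    # '[epoch:]version[-release]' -> (epoch, version, release)
    epoch, sep, rest = evr.partition(":")
    if not sep:
        epoch, rest = "0", evr
    version, _, release = rest.rpartition("-") if "-" in rest else (rest, "", "")
    return int(epoch), version, release

def seg_cmp(a, b):
    """Compare digit/letter runs; numbers compare numerically (10 > 7)."""
    sa, sb = (re.findall(r"\d+|[A-Za-z]+", s) for s in (a, b))
    for x, y in zip(sa, sb):
        if x.isdigit() != y.isdigit():
            return 1 if x.isdigit() else -1  # a number outranks letters
        if x.isdigit():
            x, y = int(x), int(y)
        if x != y:
            return 1 if x > y else -1
    return (len(sa) > len(sb)) - (len(sa) < len(sb))

def evr_cmp(a, b):
    # -1, 0 or 1: a is older than, equal to, or newer than b
    (ea, va, ra), (eb, vb, rb) = split_evr(a), split_evr(b)
    return (ea > eb) - (ea < eb) or seg_cmp(va, vb) or seg_cmp(ra, rb)

def missing_patches(inventory, advisories):
    """List (package, installed, fixed, advisory) where installed < fixed."""
    findings = []
    for line in inventory.splitlines():
        name, _, installed = line.strip().partition(" ")
        if name in advisories and evr_cmp(installed, advisories[name][0]) < 0:
            findings.append((name, installed) + advisories[name])
    return findings
```

Comparing releases as plain strings would rank release 9 above 16 and miss the bind finding, which is why the comparison splits versions into numeric and alphabetic runs.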