When you get a new dedicated server, where do you go to get all the past patches and updates? I am new to this and haven't paid any attention to security news... Newer updates are easy to find. But I am afraid I might be missing some old but important patches. :(

What OS?

Linux RedHat 7.1

A nice way to do this if you have console access or VNC is to install Ximian GNOME and use red-carpet. Otherwise you might try RedHat's up2date program. Run rhn_register first to register with RedHat's network.

A good stragegy would be to setup a vanilla dedicated server with most of the patches and ghost the drive.

When you setup a new customers server, use a copy of the ghost drive as a starting point to customize from.

Hmm... do you know of any website where they give a list of all previous updates? It would be nice if you can select the software by name and see a complete list of download links.

Try rufus.w3.org to get the latest RPMs if you already know the packages. But you will basically have to go through every single package that you have installed. Automating this process is where tools like up2date and red-carpet come in.

I am new to this what does:if you have
console access or VNC mean?

Originally posted by weldonj
I am new to this what does:if you have
console access or VNC mean?

Console access means you have access to the console of the machine. That is, you can physically sit in front of the machine and look at the monitor and press the keyboard.

VNC is a really nice program that essentially gives you remote access to the keyboard, mouse and monitor. It's kind of like PCAnywhere, if you've heard of that program, and it's even better because it's free and runs on Linux and Windows both. You can get it from http://www.uk.research.att.com/vnc/

Originally posted by wave
Linux RedHat 7.1

Take a look at https://www.redhat.com/apps/support/errata/.
All info you need are there.

Thanks for the info! :) I don't have physical access to the server. What is a good program to run and test how secure my server is?

Like priyadi noted, the RedHat errata site is good to check. Even if you don't have physical access, you should still be able to run these commands (as root):

First, register for the RedHat network with this command:
rhn_register

Now, you can update your system with this command:
up2date

Before running up2date, do a search on these forums for up2date, as there was a small problem. I don't know if it's been corrected.

I recommend registering with the RHN - I can't remember how I did it, but you are allowed to register one server under your account for free http://rhn.redhat.com . You can then subscribe to be alerted by email when RPM updates/patches are released that are relevent to your system, and use the web site to selectively schedule the updates.

Note, this is only good for RPMS that you have installed on your machine, not other binaries you may have compiled or installed. Personally, I hate RPMs for those things that I need to have good control over like most of my web services, Apache, PHP, MySQL, ProFTP, my mailserver (postfix), etc. So you need to keep up-to-date with these softwares yourself through mailing lists or other sites on the web.

If you are a linux admin newbie like me - DO NOT update the kernal using up2date or the rhn web site unless you have read the entire manual on updating the kernel, know how to backup your LILO config, etc, and have told your web host what you are doing so they can be ready to reboot the machine from the command line if need be.

Yeah, I like Apache Tool Box (www.apachetoolbox.com) for configuring apache, mysql, PHP, etc.

I would personally not upgrade the kernel (or even reboot) for a machine where someone wasn't actually at the console.