On Fri, 8 Oct 2004 15:18:02 -0500 JW <[EMAIL PROTECTED]> wrote:

<snip - new user administering Debian co-lo>

> I was reading the security FAQ and am somewhat alarmed to find (if I
> understand correctly) that Testing is not actively supported by the
> security team. Youch. If I could put stable on it I would, but for the
> reasons stated above I can't.

'Testing' is not actively supported, correct, until you near release time. Sarge has entered a freeze for the base packages, is in that 'near release time' phase and is now getting security updates along with the current 'Stable' (Woody). Sarge is expected to be released as the new stable 'any day now'.

<snip>

> Could anyone confirm that "upgrade" is the right way to stay up to
> date. I'm not going to run it automatically, and I'll always do a test
> run first to make sure nothing disastrous is going to happen.

Yes, 'apt-get update' and 'apt-get upgrade' is the best way to keep up to date on security updates. If you install any packages outside of apt/dpkg and friends though, you will need to maintain them the same way you install them (obviously).

> Is running upgrade on a regular basis a bad idea for any reason?

The only thing that might cause a problem would be if it updates a large package (say Apache or Perl) and has a small configuration bug that makes you run around and pull your hair out trying to figure out what's changed and how to fix it. This is when reading the Debian-user list regularly is very helpful. However, Sarge is getting close enough to release that I haven't noticed anything major like that in the five or several months that I've been using it.

<snip>

> If anyone has advice on how to keep a Testing system secure, I'd
> really like to hear it.

First and foremost, use a firewall and don't install software that you won't use. Extra and unneeded software can = extra security holes. Then there are additional tools like snort, tripwire, aide, etc. (apt-cache show 'packagename' will tell you more about it, apt-cache search 'keyword' will show you packages that meet that search criteria.)

> P.S. If anyone has a link to some favorite documentation on Debian
> package handling for newbies, please send it on. I've read a lot of
> man pages and docs on the web site, and I'll keep reading till I get
> it all. But the abundance of package handling tools and front ends is
> quite bewildering to someone who's used to RPM and only RPM. TIA.

http://newbiedoc.sourceforge.net/ has a lot of helpful information that's Debian specific. Written by Debian users for Debian users.

HTH,
Jacob
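
The "test run first" routine discussed in this thread, as an added example that is not part of the original message: it summarizes `apt-get -s upgrade` output and flags packages on a watch list for a manual look before the real upgrade. The `WATCH` list, the function names and the sample output (including its version numbers) are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): review a simulated upgrade before applying it.
# WATCH is a hypothetical list of packages whose upgrades deserve a manual
# look at config changes (the reply names Apache and Perl as examples).
WATCH="apache perl"

# Constructed sample of `apt-get -s upgrade` output (versions are made up).
sample_sim_output() {
cat <<'EOF'
Reading Package Lists...
Building Dependency Tree...
The following packages will be upgraded:
  apache libssl0.9.7 perl
3 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Inst libssl0.9.7 [0.9.7d-4] (0.9.7d-5 Debian:testing)
Inst perl [5.8.4-2] (5.8.4-3 Debian:testing)
Inst apache [1.3.31-6] (1.3.31-7 Debian:testing)
Conf libssl0.9.7 (0.9.7d-5 Debian:testing)
Conf perl (5.8.4-3 Debian:testing)
Conf apache (1.3.31-7 Debian:testing)
EOF
}

# Read simulation output on stdin; print "<pkg> <old> -> <new>[ REVIEW]" per upgrade.
summarize_sim() {
    awk -v watch="$WATCH" '
        BEGIN { n = split(watch, w, " "); for (i = 1; i <= n; i++) flag[w[i]] = 1 }
        $1 == "Inst" {
            old = "(none)"; new = "?"
            for (i = 3; i <= NF; i++) {
                if ($i ~ /^\[/) { old = $i; sub(/^\[/, "", old); sub(/\]$/, "", old) }
                else if ($i ~ /^\(/) { new = substr($i, 2); break }
            }
            printf "%s %s -> %s%s\n", $2, old, new, ($2 in flag) ? " REVIEW" : ""
        }'
}

# Succeeds (exit 0) when at least one watched package is in the pending set.
needs_review() {
    summarize_sim | grep -q ' REVIEW$'
}

# Live use on a Debian host: apt-get update && apt-get -s upgrade | summarize_sim
sample_sim_output | summarize_sim
```

On a live system the simulation changes nothing on disk, so the summary can be read before deciding whether to run 'apt-get upgrade' for real.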