Customers, product developers, and administrators face a common goal: keeping intact the security of Linux-based product, its stability, and tackling the challenges involved.
In this Knowledge Sharing article, Aditya Lad provides guidance for analyzing the threat and severity of day-to-day security issues reported in Linux-based systems and how to devise patch strategies for the same. While Aditya has chosen Linux as an example due to its simplicity and pervasive use, the concepts can be applied to any operating system.
The article examines common problems and dilemmas faced by administrators who want to patch their Linux systems for security. It then covers two main strategies for patching a Linux appliance;
• staying updated with all patches
• applying only critical patches along with stability
Pros and cons of both the approaches are covered, followed by a discussion on the nature of patches and how to identify if the patch is applicable to your appliance’s security as well as some basic baseline exercise about the system. Vulnerability classification into local, remote and kernel vulnerabilities and their importance and severity is also covered along with some use cases and examples. The classification intends to find the severity and risk of a reported vulnerability based on which patching decisions can be made.
Aditya’s article concludes with an exploration on automation and testing and tracking of changes.