Maintain Your Server

Over a period of time the software on your Linux server will become quite out of date. There are many reasons why you might wish to update to a later version of a program or service on your Linux server, increased functionality, new features and bugfixes are to name just a few. The most pressing reason to update software on your Linux server would have to be in response to a security issue. Unfortunately the older the software you use, the longer it has been around and the more likely that someone has discovered a security flaw or exploit in that software. It is inevitable that you will need to upgrade something at some point to keep your Linux server safe.

The strategy that you would undertake to ensure that your Linux server is kept up to date is dependant on the distribution of Linux that you use. Many distributions now automatically update themselves or use package managers such as aptitude that allow you to easily check and upgrade your Linux server with the minimum of fuss and user impact. If this facility is available to you then by all means use it. In more traditional distributions of Linux it may be necessary to upgrade your Linux server the good old fashioned way, by compiling and installing the new package yourself. This is not as difficult as it may first sound and it is easy to track what may need to be upgraded. Simply make a list or spreadsheet of the programs and services that your Linux server runs and visit the websites for these packages on a regular basis to see if a new version has been released. The release notes for the new version will tell you why the new version has been released and whether or not it is a security update.

Turn Off Unused Services

If a service is not present or not running it cannot be exploited. Theres no point in running bind on a machine that is not used as a nameserver. Or running apache on your Linux server if when you point a web browser at it all it has is a page proclaiming It Works! Of course if the cache is poisoned on a nameserver nobody uses its unlikely that anyone will ever notice, let alone be affected by it. This doesnt hold true in all situations however, dns servers are often run in a chroot prison with good reason. Consider the potential damage possible if a Samba server had a security flaw that allowed an attacker to easily drop their payload directly onto your linux server. If a service is not running it cannot be exploited regardless of its state.

To turn off a service on boot with our Slackware Linux server simply disable its startup script by making it unexecutable. We'll use the Apache webserver for our example.

cd /etc/rc.d chmod -x rc.httpd

To turn off a service on boot with our Ubuntu Linux server you can use the update-rc.d command. Once again we will use Apache as our example service.

sudo update-rc.d -f apache2 remove

Ubuntu and other Debian based distributions of Linux can easily benefit from the rcconf program that allows the administrator to elect what services to run on startup through a menu based interface. Very handy if you like to turn services off and on a lot.

sudo apt-get install rcconf sudo rcconf