this post was submitted on 23 Apr 2024

116 points (89.2% liked)

Linux

48129 readers

477 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

[email protected]

116

If all kernel bugs are security bugs, how do you keep your Linux safe? (www.zdnet.com)

submitted 6 months ago by [email protected] to c/[email protected]

64 comments fedilink hide all child comments

top 50 comments

sorted by: hot top controversial new old

[–] [email protected] 1 points 6 months ago

The penguin pic is so cute

[–] [email protected] 8 points 6 months ago

pacman -Syu

Rhetorical question?

[–] [email protected] 17 points 6 months ago

Article for the sake of having an article.

[–] [email protected] 8 points 6 months ago (1 children)

Security is not a binary variable, but managed in terms of risk. Update your stuff, don't expose it to the open Internet if it doesn't need it, and so on. If it's a server, it should probably have unattended upgrades.

[–] [email protected] 5 points 6 months ago* (last edited 6 months ago) (4 children)

If it's a server, it should probably have unattended upgrades.

Interesting opinion, I've always heard that unattended upgrades were a terrible option for servers because it might randomly break your system or reboot when an important service is running.

[–] [email protected] 2 points 6 months ago (1 children)

Not having automated updates can quickly lead to not doing updates at all. Same goes for backups.

Whenever possible, one should automate tedious stuff.

[–] [email protected] 1 points 6 months ago

Thanks for the reminder to check my backups

[–] [email protected] 2 points 6 months ago

That only applies to unstable distros. Stable distros, like debian, maintain their own versions of packages.

Debian in particular, only includes security patches and changes in their packages - no new features at all.* This means risk of breakage and incompatibilitu is very low, basically nil.

*exceot for certain packages which aren't viable to maintain, like Firefox or other browsers.

[–] [email protected] 2 points 6 months ago* (last edited 6 months ago) (1 children)

Both my Debian 12 servers run with unattended upgrades. I've never had anything break from the changes in packages, I think. I tend to use docker and on one even lxc containers (proxmox), but the lxc containers also have unattended upgrades running.

Do you just update your stuff manually or do you not update at all? I'm subscribed to the Debian security mailing list, and they frequently find something that means people should upgrade, recently something with the glibc.

Debian especially is focused on being very stable, so updating should never break anything that wasn't broken before. Sometimes docker containers don't like to restart so they refuse, but then I did something stupid.

[–] [email protected] 1 points 6 months ago* (last edited 6 months ago) (1 children)

I used to check the cockpit web interface every once in a while, but I've tried to enable unattended updates today. It doesn't actually seem to work, but I planned on switching to Nix anyway.

[–] [email protected] 1 points 6 months ago

I don't use Cockpit, I just followed the Debian wiki guide to enabling unattended upgrades. As fast as I remember you have to apt install something and change a few lines in the config file.

It's also good to have SMTP set up, so your server will notify you when something happens, you can configure what exactly.

[–] [email protected] 3 points 6 months ago

There are two schools of thought here. The "never risk anything that could potentially break something" school and the "make stuff robust enough that it will deal with broken states". Usually the former doesn't work so well once something actually breaks.

[–] [email protected] 16 points 6 months ago

Step one: stop listening to anything from Ziff-Davis.

[–] [email protected] 23 points 6 months ago (3 children)

Best way I found it running this command

rm -rf /

Then do a reboot just to be sure.

Good luck compromising my system after that.

FYI This is a joke Don't actually run this command :)

[–] [email protected] 7 points 6 months ago

It won't work without --no-preserve-root

[–] [email protected] 8 points 6 months ago* (last edited 6 months ago) (2 children)

sudo apt-get remove systemd (don't actually run this)

[–] [email protected] -3 points 6 months ago

Jokes on you I use a mac

[–] [email protected] 3 points 6 months ago

I ran it and followed a documentation to install Void Linux and now it runs so much smoother!

[–] [email protected] 2 points 6 months ago

good thing that command won't do anything anymore

[–] [email protected] 5 points 6 months ago (1 children)

Crontab dnf update -y and trust that if anything breaks uptime monitoing/ someone will let me know sooner or later.

[–] [email protected] 3 points 6 months ago

Don't use cron for that. Use the package managers auto update utility. Plus if you use the proper tools you can set it to security updates only

load more comments