Skip to content

Maintaining Software

trimstray edited this page Feb 26, 2019 · 30 revisions

You can file an issue about it and ask that it be added.


Table of Contents

Maintaining Software

Software mintenance is extremely important to maintaining a secure system. It is vital to patch software as soon as it becomes available in order to prevent attackers from using known holes to infiltrate your system.

Package signatures

Rationale

Changes to any software components can have significant effects on the overall security of the operating system. This requirement ensures the software has not been tampered with and that it has been provided by a trusted vendor.

Solution

Enabled gpgcheck option
gpgcheck=1

C2S/CIS: CCE-26989-4 (High)

Useful resources

Keep system updated

Rationale

Software updates offer plenty of benefits. It’s all about revisions. These might include repairing security holes that have been discovered and fixing or removing bugs.

U.S. Defense systems are required to be patched within 30 days or sooner as local policy dictates.

Some benefits:

  • close up problems of security that has been discovered
  • it can improve the stability of the system
  • improvements the system stacks or network stacks

Solution

Updating all packages and dependencies
yum update

C2S/CIS: CCE-26895-3 (High)

Comments

Before updating the system, I do it in the console:

# This one-liner save the update process session:
script -t 2>~/upgrade.time -a ~/upgrade.script

Also these one-liners are important:

Check for updates
yum check-update
Install upgrades (with security updates)
yum --security upgrade
Roll back an update
yum history undo <id>

Useful resources

Remove vulnerable software

Rationale

The best protection against vulnerable software is running less software.

Solution

Remove or disable unnecessary services
# C2S/CIS: CCE-27274-0 (unknown), CCE-80154-8 (unknown), CCE-80152-2 (unknown)
yum remove -y rsh

systemctl disable rlogin.socket

C2S/CIS: CCE-27274-0 (unknown)

Comments

Useful resources