Security Guide/SoftwareMaintenance

From FedoraProject

Chapter 5 - Software Maintenance

Install Minimal Software

It is best practice to install only the packages you will use, because each piece of software on your computer could contain a vulnerability. If you are installing from the DVD media, take the opportunity to select exactly which packages you want to install during the installation. When you find you need another package, you can always add it to the system later.

Please see the SoftwareManagementGuide for more information on adding or removing software.

Plan and Configure Security Updates

All software contains bugs. Often, these bugs can result in a vulnerability that can expose your system to malicious users. Unpatched systems are a common cause of computer intrusions. You should have a plan to install security patches in a timely manner to close those vulnerabilities so they cannot be exploited.

Fedora 9 is configured by default to apply all updates on a daily schedule. You only need to make changes to this if you wish to apply only security updates or wish to apply updates manually.

For home users, security updates should be installed as soon as possible. Configuring automatic installation of security updates is one way to avoid having to remember, but does carry a slight risk that something can cause a conflict with your configuration or with other software on the system.

For business or advanced home users, security updates should be tested and scheduled for installation. Additional controls will need to be used to protect the system during the time between the patch release and its installation on the system. These controls would depend on the exact vulnerability, but could include additional firewall rules, the use of external firewalls, or changes in software settings.

Adjusting Automatic Updates

Fedora 9 is configured to apply all updates on a daily schedule. If you want to change how your system installs updates, you must do so via Software Update Preferences. You can change the schedule, choose the type of updates to apply, or choose to be notified of available updates.

Gnome

System > Preferences > System > Software Updates.

KDE

Applications > Settings > Software Updates.


Install Signed Packages from Well Known Repositories

Software packages are published through repositories. All well known repositories support package signing. Package signing uses public key technology to prove that the package that was published by the repository has not been changed since the signature was applied. This provides some protection against installing software that may have been maliciously altered after the package was created but before you downloaded it.

Using too many repositories, untrustworthy repositories, or repositories with unsigned packages has a higher risk of introducing malicious or vulnerable code into your system. Use caution when adding repositories to yum/software update.
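
One way to review the repositories already configured for yum is to check each repository definition for its signature settings. The script below is an added example, not part of the original guide: it parses text in the yum .repo format and reports enabled repositories where signature checking is off or no key location is given. The function name and the sample repositories are constructed, and a repository with no gpgcheck line is assumed to inherit "off" unless the caller passes the [main] default from yum.conf.

```python
import configparser

# Constructed sample in the yum .repo format (not taken from a real system).
SAMPLE_REPO_FILE = """\
[fedora]
name=Fedora $releasever - $basearch
mirrorlist=http://mirrors.example.org/list?repo=fedora-$releasever&arch=$basearch
enabled=1
gpgcheck=1
gpgkey=file:///etc/pki/rpm-gpg/RPM-GPG-KEY-fedora

[thirdparty]
name=Third party extras
baseurl=http://repo.example.com/extras/
enabled=1
gpgcheck=0

[nokey]
baseurl=http://repo.example.net/pkgs/
gpgcheck=1

[inherits]
baseurl=http://repo.example.net/other/

[disabled-unsigned]
baseurl=http://repo.example.com/old/
enabled=0
gpgcheck=0
"""


def audit_repos(text, main_gpgcheck=False):
    """Return (repo_id, finding) pairs for enabled repos with weak signing settings.

    main_gpgcheck is the value a repo inherits from [main] when it has no
    gpgcheck line of its own (assumed off unless the caller says otherwise).
    """
    # interpolation=None keeps $releasever and % characters literal.
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.read_string(text)
    findings = []
    for repo in cp.sections():
        # Disabled repositories are never used for installs, so skip them.
        if repo == "main" or not cp.getboolean(repo, "enabled", fallback=True):
            continue
        if not cp.getboolean(repo, "gpgcheck", fallback=main_gpgcheck):
            findings.append((repo, "signature checking is off"))
        elif not cp.get(repo, "gpgkey", fallback="").strip():
            findings.append((repo, "no gpgkey set; key must already be imported"))
    return findings
```

To audit a real system, read each file under /etc/yum.repos.d/ and pass its contents to audit_repos.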

