CIS Home > Security > News & Services > System Software Updates

System Software Updates

Macintosh

Mac OS X

To upgrade all operating system components:  From the Apple menu or Dock, select "System Preferences".  Open the "Software Updates" preferences panel, and select the "Update Now" button.

Mac OS 8 and 9
To upgrade all operating system components:  From the Apple menu, select the "Control Panels" submenu, then the "Software Update" control panel.  Select the large "Update Now" button.


Microsoft Windows XP
From the Start Menu, choose All Programs and then Windows Update. Select Scan for Updates. The critical Updates are the most important.

 


Red Hat Linux
A list of all updates, including security fixes, is available at http://www.redhat.com/errata/.

Purchasers of boxed Red Hat software can register for automatic updates at http://www.redhat.com/network/.

To subscribe to Red Hat's security announcements list, send email to redhat-watch-list-request@redhat.com with the subject line "subscribe". To unsubscribe, send email to the same address with the subject line "unsubscribe".

Debian GNU/Linux
A list of all security fixes is available at http://www.debian.org/security/.

To upgrade all installed packages: 
Make sure that the APT source for "security.debian.org" is enabled in the APT configuration file, /etc/apt/sources.list.  Then run "apt-get update && apt-get upgrade" (as root).

To subscribe to Debian's security announcements list, send email to debian-security-announce-request@debian.org with the subject line "subscribe". To unsubscribe, send email to the same address with the subject line "unsubscribe".


UNIX

In addition to keeping your OS up to date, there are several things you should do to further secure your system. First, be sure that the TCP Wrapper package is installed and correctly configured on your system. The TCP Wrapper package essentially adds a security wrapper around network services on your computer and it allows you to control who has access to your system. Once the package is installed there are three steps involved in using it. First, you must make sure that all services started from /etc/inetd.conf are "wrapped". Second, you must add a file to your system called /etc/hosts.deny which must have the entry "ALL:ALL" as it's only contents. Finally, you will need to create a file called /etc/hosts.allow which permits access to only those people and those specific network functions that you want to give access to.

The next step in securing your system is to install and use the Secure Shell. Secure Shell is a replacement for network services such as telnet, rsh, and ftp. The difference is that Secure Shell provides encryption and prevents anyone from spying on you (or worse, hijacking your sessions) while you work over the network. Secure Shell provides enough functionality that you should be able to completely disable telnet, ftp and rsh and only use the Secure Shell replacements.

The TCP Wrapper and Secure Shell packages can be found on the WHOI ftp sever for both Solaris and IRIX.

Sun / Solaris
Sun releases security updates as both individual patches and "patch clusters". The easiest method of keeping up to date with patches is to install the Sun "recommended" patch cluster. This is essentially a collection of all the patches that should be installed on your system to close security holes and fix general system bugs. I do not recommend installing every single patch that comes out, since some patches may introduce new problems into your system. The "recommended" patch cluster is a collection of only those patches that you really should have. The most recent Sun recommended patch cluster can be obtained directly from Sun's web site. The URL is http://www.sun.com/bigadmin/patches. Download the recommended patch cluster for your version of Solaris. View the readme included with the patch cluster for instructions on how to install it. Also note that you can view the release notes for the patch by clicking the "?" button beside the patch on Sun's web site. Viewing the release notes will tell you what is new in the patch cluster and the date it was last updated. New patches come out frequently so you should check this site once every few weeks for updates.