General discussion


Effectively manage Linux updates

By debate ·
Does your organization use Linux? If so, which version do you use? How do you stay on top of patches for your Linux network? Share your comments about effectively managing Linux updates, as discussed in the April 2 Security Solutions e-newsletter.

If you haven't subscribed to our free Security Solutions e-newsletter, sign up today!

This conversation is currently closed to new comments.

Thread display: Collapse - | Expand +

All Comments

Collapse -

Of course we do run Linux...

by felipe_alfaro In reply to Effectively manage Linux ...

We do have a mixture of machines running Fedora
Core 1 and EnGarde Secure Linux.

Desktop machines run Fedora Core and are
configured for automatic updates via YUM.

However, the servers do run EnGarde Secure Linux
and, since we only have a few servers, patches
are manually installed after testing on a
testbed system and being approved by QA.

Collapse -

I disagree

by robtT In reply to Effectively manage Linux ...

I disagree with Mike Mullins about purchasing a commercial solution over a "free" solution. A very large part of the appeal of Linux is the "free" part, which is intended to denote the freedom to use the software however you please, not necessarily with zero price or no cost. What some commercial Linux vendors are attempting to do is move as close as possible to a commercialization of Linux in the proprietary software sense. Simplistically, you could look at the cost of the software as the license cost plus the support cost. For almost all Linux distributions, the license cost is zero - it's free. What companies like RedHat are doing is raising the support costs for as many customers as they can. If you look further at support costs, again simplistically, you can categorize installation and maintenance. Maintenance includes updating. RedHat will be glad to sell you can annual subscription for support that includes automatic updates, but the wrinkle is that RedHat doesn't actually create the updates. Unlike Microsoft, who actually has to code the updates, RedHat merely repackages someone else's "free" software into an RPM package that can be accessed through them via the paid support model. Every major Linux distribution has an auto-update feature, and so do probably all of the minor distributions. So the real question becomes, what kind of support do you need to pay for?

Our company switched over to Linux almost two years ago. We experimented with RedHat (7.3 and 8.0) and SUSE (8.0), but we decided to deploy Sorcerer Linux on most of our machines (100+ employees). When we started the migration planning we were running Win2K Pro and Server and our IT folks were the usual MCSE types. We started out testing RedHat 7.3 on virtual machines using VMWare on Win2K. Our biggest headache was the reluctance to change demonstrated by our IT staff. Frankly, we eventually had to ask some of them to leave (including our Director of IT) - so much for the "Nobody ever got fired for using Microsoft" addage. We found RedHat to be a less than exciting desktop solution, but at the time it made a good server solution. After deploying RedHat as our server solution, we decided to use the sink or swim approach to a desktop rollout and selected Sorcerer Linux as the distribution. This decision was made for two reasons: 1) our investigations showed that Sorcerer had some very powerful, yet "approachable" tools incorporated for maintaining a Linux machine, and 2) it forced the remaining MS-oriented IT staff to learn the nuts and bolts of Linux. We also learned that most users were more comfortable with the KDE desktop, rather than the Gnome orientation of RedHat. Finally, when RedHat changed their distribution model, we moved our server solution to Mandrake (they're similar enough that the changeover really amounted to installing Mandrake and moving some configuration and data files over).

For a small company in a bad economic environment, we've saved a lot. Our machine turnover is relatively light, so we typically purchase barebones machines without the "Microsoft tax" (a pre-installed copy of the latest MS Windows OS). The only downside is that I've had to "temporarily" manage the IT arena.

Collapse -

Apt-get rpm works very well!

by Gorto In reply to Effectively manage Linux ...

I've been using Linux on the desktop and in the server room for about four years now. Upgrades were always manual and very painful to complete successfully. I've tried Slackware, SuSe, Mandrake and RedHat. Each has its strong points but we finally settled on RedHat. I liked the fact that it is well supported and that RPM's are much easier to install than building from source. I recently ran across an article discussing the use of Debian's apt-get tool to install RPM's on RedHat distributions. This is a great package management tool and I have installed it on all of our RedHat Servers. It's straightforward, fast and it manages dependencies to boot. One of the servers that we run is a Postfix Email server. We were able to upgrade immediately after an exploit was found. It took minutes and the best part is that it is free. I see it as a very viable alternative to many of the non-free package management tools that I have seen. Give it a try!

Related Discussions

Related Forums