quesera - 1:44 pm on Feb 9, 2011 (gmt 0)

wheel wrote:

Kudos to the hardcore, but I'm looking to the get job done. All these gui's and auto-updates let me work like a windows user. Mostly it works and I don't have to think.

This is actually sort of true in the Linux world now...CentOS and RHEL do a pretty good job of making sure that your auto-update process won't break things. They're usually many versions behind "latest" for any given software pkg, and they're not super speedy about getting security patches in...but they usually don't break your server.


digitsix asked:

I just want a simple way to keep on top of security issues that arise for my services (apache, proftpd, qmail, vpopmail, courier imap, assp, php, mysql, Freebsd system)

You'll never stay on top of 0-day vulnerabilities, by definition. But unless you're a bank or other high-value target, you won't get hit by 0-day exploits either. So what you really want to do is stay on top of security patches for the packages you use.

Some of the communities you list maintain security-only mailing lists and/or RSS feeds. That might be step 1.

More generally, you might be able to find a service (sourceforge?) that will notify you when a new version of a cared-about software package is released. You might have to check the release notes for security-related bugfixes and decide whether to update on a case-by-case basis. But it's a start.

If you're on FreeBSD, there are positives and negatives. Positive: you can update your ports tree via script to see if any packages you care about have rev'ed. Negative: ports sometimes lag official releases by a few days... but for big important stuff like you listed, you'll probably have good luck.