If you’re a sysadmin – and if you’ve got a VPS, you are – how do you learn about new security threats?

If there’s another Heartbleed or Shellshock, you’d probably hear about it just from reading forums – or in the cases of issues that big, the mainstream news.  But what if it’s something a little less dire?  Might still affect you adversely.

With a galaxy of bad actors out there, how do you stay on top of security threats?  Particularly if security is not your day job?  If you work in a big company, there’s a phalanx of security professionals with industry subscriptions and vendors who alert them.  But if you’re just Joe LowEnder with a Debian VM, you’re just as vulnerable without the seven-figure budget to stay on top of threats.

To do that, you need to…

Subscribe to the Appropriate Security Mailing Lists

Distros publish security alerts on email, explaining what the issue and how to rectify the problem.  You really should be subscribed to the security announcement email list for your favorite distro.  Here are some handy links:

Debian: debian-security-announce  There’s also debian-security, which is discussion-oriented but sometimes is a little big ahead of formal announcements.

Ubuntu: ubuntu-security-announce

Alma: alma-security

Rocky: rocky-announce

Bonus Tip: Turn on Automatic Updates

This isn’t really “putting security on easy mode” as some people think.  Security is something you should always be thinking about and there is no way to just wash your hands of it.  But you can improve your posture by always applying the most recent updates.  You can get them as soon as they’re published by enabling automatic updates:

Distros That Use apt (Debian, Ubuntu)

apt install unattended-upgrades
dpkg-reconfigure unattended-upgrades (and say Yes)

Distros That Use dnf (Alma, Rocky)

dnf install -y dnf-automatic
Edit /etc/dnf/automatic.conf and make sure apply_updates = yes
systemctl enable --now dnf-automatic.timer

raindog308

Raindog308 is a longtime LowEndTalk community administrator, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.

As an avid user of LowEndBox providers, Raindog runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.

Beyond the command line, Raindog is a lover of German Shepherds, high-quality knives, target shooting, theology, tabletop RPGs, and hiking in deep, quiet forests.

His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.

You can find him daily in the forums at LowEndTalk under the handle @raindog308.