Sometimes, servers can become compromised through no direct fault of the administrator. There exist what are known as zero-day exploits: malicious code that affects a particular product or service and is circulated before the vendors or maintainers are even aware of the vulnerability.
Fortunately for us, this is relatively rare. The vast majority of server-level compromises are due to neglected services that haven’t been patched to prevent old, well-known exploits. Once a system administrator is made aware of a weakness, he or she must assess the situation and take immediate action (even if that action is to decide that a patch isn’t needed). There are situations in which a patch may be more trouble than it’s worth; only you can determine how much you value your data.
Admittedly, it’s not always easy to be made aware of security holes, particularly when it comes to less-common packages. That’s why we’ve compiled a list of some helpful information sources:
- Secunia Advisories — Comprehensive. Includes mailing lists and searches for vulnerabilities by product and vendor.
- LinuxSecurity.com — News and mailing lists for Linux security alerts (and other security-related news).
- U.S. CERT Technical Cyber Security Alerts — Serious alerts for many products and vendors; generally covers only remotely exploitable vulnerabilities. This will not be sufficient if you are running a multi-user system, where locally exploitable vulnerabilities also matter.
- National Vulnerability Database — Very comprehensive.
- Gentoo Linux Security Advisories
- Fedora Security Mailing List
- Red Hat Security Announcements
- CentOS Announcements
- Debian Security Information
- Ubuntu Security Notices