How do you manage security updates ?

  • Thread starter Thread starter topi
  • Start date Start date
T

topi

Guest
My question is really simple : how do you manage security updates of Debian/Proxmox ? As far, I was not able to find such a topic in the forum.

I request you point of view and your experiences about that topic. I'm sure a lot of people would be interested in the best practices of more experienced users.

I mean, I've a server,in production, running Proxmox 2.2 and it works great ! But, regularly there are security updates either from Debian or from Proxmox (apt-get update, apt-get upgrade) ... and I don't know how to manage them ???
In my very short use of Debian/Proxmox I've no idea how far these updates have been tested and if it is wise to apply them in a production environment.

I can see several possibilities about the updates :
- you are quiet confident and you apply them as soon as possible
- you are more cautious and you wait for a downtime to apply them
- you apply them on a test server before applying them on a production server
- you are not confident at all and you never apply them
- ?

And here, I do not even talk about kernel updates.

I'm also curious to know on which basis (if) you update your server (every day, every week, every month ...) ? And is that something you automatized or you make it by hand ?

Regards

Topi
 
topi said:
I'm also curious to know on which basis (if) you update your server (every day, every week, every month ...) ? And is that something you automatized or you make it by hand ?
Click to expand...

That depends on you 'security' requirements. We usually do update by hand (I consider automated updates too dangerous within a server environment).
 
you can configure your apt that you get informed about new packages - then you can if an update is needed and you can manually update your servers.
 
We use Nagios to monitor either physical servers and virtual. There is a sensor to alert when updates are available. Of course, we do not use Nagios only for update but for a lot of parameters.

We have a scrit which launch update in a ssh ( putty ) environment but we check each by hand.
 
Thank you for your answers. It is very interesting to know how you handle updates.

@mel128 : thanks for the tip. I also implemented Nagios to monitor my servers, but I didn't know such a check_apt plugin existed. I'll try it.
 
Hello,

I'm still interested in your experience feedback about updates. How do you manage them with Proxmox ?

topi
 
You must log in or register to reply here.
Top Bottom
Back