Fedora

Automatic Security Updates with DNF

The dnf package manager and dnf-automatic tool can be used for automated security patching on Linux systems. It requires only a few steps to set it up.

Summary of Automatic Security Updates with DNF

The Dandified YUM tool, DNF, has become a powerful package manager for systems running Fedora. As it looks now, it will become also the default package manager for CentOS 8 and RHEL 8. One of the benefits from dnf is the option to retrieve security information very easily. This allows us to use it for automatic security patching of our Linux systems. Let’s explore the options and see how dnf-automatic can help us with fully automated patching.

Read the full article…

Determine Processes Which Need a Restart with checkrestart/needrestart

Just patching software packages is not enough. We cover a few utilities which help you to determine which processes need a restart to complete software patch management.

Summary of Determine Processes Which Need a Restart with checkrestart/needrestart

Proper software patch management helps reducing weaknesses on your systems. But even if you patched an outdated system, old processes and libraries can continue to run in memory. For example when a library is updated, an active program might still use the old version. To really finish the process of software patching, we have to do more. This includes preparation, performing the update and finally check if we need a restart of software components.

Read the full article…

Difference between CentOS, Fedora, and RHEL

Difference between CentOS, Fedora, and RHEL. The biggest open source company is nowadays Red Hat. It is known for its contributions to many open source projects, including the Linux kernel itself...

Summary of Difference between CentOS, Fedora, and RHEL

The biggest open source company is nowadays Red Hat. It is known for its contributions to many open source projects, including the Linux kernel itself. Less known is that Red Hat is involved in different Linux distributions, directly or indirectly. Fedora Fedora has received many updates and individual releases over the years. It is a playground for new functionality. Often new technology is found here. It can be compared with other distributions like Arch Linux, except that it is slightly less aggressive in deploying the latest software components for everything.

Read the full article…

Find the alternatives: CIS-CAT auditing tool

Sometimes time or money is limited. We hunt to find great alternatives to commercial solutions. This time alternatives for the CIS auditing tool CIS-CAT.

Summary of Find the alternatives: CIS-CAT auditing tool

The Center for Internet Security, CIS for short, is the organization behind several in-depth hardening guides. The quality of these hardening guides is outstanding, with a high level of detail. This high level of detail has one downside: it costs a lot of time to read, try and test the recommendations. Sometimes we simply don’t have the time to do an extensive audit by hand. Let alone the time to actually repeat the auditing and hardening steps on a regular basis.

Read the full article…

Showing Available Security Updates with DNF

Systems running Fedora have the DNF utility. With DNF it becomes easily to install packages and stay up-to-date with security related updates.

Summary of Showing Available Security Updates with DNF

Checking Security Updates for your Software Packages DNF is the default package manager since Fedora 22. As it is considered to be a better version of YUM, some of our Lynis users asked for DNF support. With focus on auditing and security patching, we definitely wanted to see that for ourselves. While building support, I’ve gathered the most important commands. In this blog post we will have a look how we can leverage the DNF output to show only the available security updates.

Read the full article…