LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices

View Poll Results: How often do you upgrade your kernel?
Once a month 5 14.71%
Once a quarter 13 38.24%
Once a year 9 26.47%
More than once a month 7 20.59%
Voters: 34. You may not vote on this poll

Reply
 
LinkBack Search this Thread
Old 11-18-2009, 10:47 PM   #1
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Rep: Reputation: 53
How often do you upgrade your kernel?


How often do you upgrade your kernel?
 
Old 11-19-2009, 12:47 AM   #2
Stéphane Ascoët
Member
 
Registered: Feb 2004
Location: Orleans, 120 km south of Paris
Distribution: Mandrake, Freeduc (the one I'm making), Slackware, MacOS X
Posts: 111

Rep: Reputation: 20
Post Almost never...

The one that is in my head: never...
My Linux ones: Only when I'm forced to do it(newer kernel needed by new software).
 
Old 11-19-2009, 04:19 AM   #3
DragonSlayer48DX
Registered User
 
Registered: Dec 2006
Posts: 1,454
Blog Entries: 1

Rep: Reputation: 74
Every three years, when I upgrade my distro.
 
Old 11-19-2009, 10:39 AM   #4
unixfool
Member
 
Registered: May 2005
Location: Northern VA
Distribution: Slackware, Ubuntu, FreeBSD, OpenBSD, OS X
Posts: 781
Blog Entries: 8

Rep: Reputation: 157Reputation: 157
Quote:
Originally Posted by Stéphane Ascoët View Post
The one that is in my head: never...
My Linux ones: Only when I'm forced to do it(newer kernel needed by new software).
Agreed. There have been times where I've waited 2+ years and mitigated the risk (and things were fine). This is for a server that I treat as a production machine, though its for my own use and isn't business-affiliated. For a network that is exclusively Linux though (or close to it), I'd probably have a more frequent upgrade plan.
 
Old 11-19-2009, 01:43 PM   #5
H_TeXMeX_H
Guru
 
Registered: Oct 2005
Location: $RANDOM
Distribution: slackware64
Posts: 12,928
Blog Entries: 2

Rep: Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266Reputation: 1266
Quote:
Originally Posted by dragonslayer48dx View Post
Every three years, when I upgrade my distro.
Around that. Sometimes I may have a reason to upgrade sooner, but it's rare.
 
Old 11-19-2009, 02:06 PM   #6
mostlyharmless
Senior Member
 
Registered: Jan 2008
Distribution: Slackware 14.1 (multilib) with kernel 3.13.2
Posts: 1,467
Blog Entries: 10

Rep: Reputation: 142Reputation: 142
Agree with the above, unfortunately there aren't any options for that in your poll.
 
Old 11-19-2009, 02:43 PM   #7
AlucardZero
Senior Member
 
Registered: May 2006
Location: USA
Distribution: Debian
Posts: 4,570

Rep: Reputation: 510Reputation: 510Reputation: 510Reputation: 510Reputation: 510Reputation: 510
If there's a security update, I'll install it but not reboot until I have another reason for it.
 
Old 12-01-2009, 11:00 AM   #8
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,029

Rep: Reputation: 368Reputation: 368Reputation: 368Reputation: 368
The only correct answer for a machine that's connected to the net is "each time there's a new stable release". Unfortunately there's no such option in the poll, I will vote more than once a month because that's roughly every two weeks I think.
 
Old 12-01-2009, 11:13 AM   #9
GrapefruiTgirl
Guru
 
Registered: Dec 2006
Location: underground
Distribution: Slackware64
Posts: 7,594

Rep: Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542Reputation: 542
I'm pretty much with Jesús above -- I follow the patches on kernel.org, and when one either is security related, or fixes or improves something related to my hardware (or in the case of major (?) version increases like from 2.6.30 -> 2.6.31), I generally patch up to that release and rebuild. Sometimes this means rebuilding more than once per month, and sometimes less often. I voted for option 4.

Sasha
 
Old 12-01-2009, 12:22 PM   #10
anomie
Senior Member
 
Registered: Nov 2004
Location: Texas
Distribution: RHEL, Scientific Linux, Debian, Fedora, FreeBSD
Posts: 3,925
Blog Entries: 5

Rep: Reputation: Disabled
Believe it or not, due to office change control procedures and/or politics, it's not always possible to perform frequent kernel upgrades. It's easy to take a hard line on this (which I agree with, BTW), but when the boss man refuses and you have a mortgage to pay, you'll likely adhere to the formal policy.

I voted "once a year". That's what it realistically is on certain production systems.
 
Old 12-01-2009, 02:23 PM   #11
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Indeed business agreements dictate different upgrade routines but for a net-facing SOHO machine to only receive updates on a yearly basis or more just does not seem right IMHO. For me personally it's within 24 hours of time of update for (almost all) machines.
 
Old 12-01-2009, 02:35 PM   #12
abefroman
Senior Member
 
Registered: Feb 2004
Location: Chicago
Distribution: CentOS
Posts: 1,249

Original Poster
Rep: Reputation: 53
Quote:
Originally Posted by unSpawn View Post
Indeed business agreements dictate different upgrade routines but for a net-facing SOHO machine to only receive updates on a yearly basis or more just does not seem right IMHO. For me personally it's within 24 hours of time of update for (almost all) machines.
Since there is at least one local level privilege escalation exploit a year that is a pretty bad move to do it only once a year or less.

I've been using fanout to run a yum update and then reboot multiple servers at once.

Then I have fanout run uname to make sure the kernel upgrade took effect. Sometimes I have to change grup, or yum has a dependency problem that needs fixing.
 
Old 12-01-2009, 03:13 PM   #13
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,029

Rep: Reputation: 368Reputation: 368Reputation: 368Reputation: 368
For workstations that don't contain anything critical you can live with the same kernel for 20 years if that's your boss' wish, but for a production machine that's exposed to the net, that's just plain wrong. If that's the boss' policy, so be it, but that doesn't make it any better.

I know you have no control over that, but it like everything wrong in life: you can ignore it or try to change it.
 
Old 12-01-2009, 03:35 PM   #14
unSpawn
Moderator
 
Registered: May 2001
Posts: 26,534
Blog Entries: 51

Rep: Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604Reputation: 2604
Quote:
Originally Posted by i92guboj View Post
For workstations that don't contain anything critical you can live with the same kernel for 20 years
So how about machines that are not part of the critical infrastructure but may serve as springboard to other systems?..
 
Old 12-01-2009, 03:51 PM   #15
i92guboj
Gentoo support team
 
Registered: May 2008
Location: Lucena, Córdoba (Spain)
Distribution: Gentoo
Posts: 4,029

Rep: Reputation: 368Reputation: 368Reputation: 368Reputation: 368
Quote:
Originally Posted by unSpawn View Post
So how about machines that are not part of the critical infrastructure but may serve as springboard to other systems?..
It depends on the kind of access they have to the critical systems. Anything containing sensible info should be secured as much as possible. It needs to be evaluated on a case by case basis.

In general, I never neglect any machine, even if it's function is apparently trivial.
 
  


Reply

Tags
kernel, security, upgrade


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off
Trackbacks are Off
Pingbacks are On
Refbacks are Off


Similar Threads
Thread Thread Starter Forum Replies Last Post
Kernel Audit Support Unavaible error when booting after kernel upgrade abefroman Red Hat 2 03-21-2013 08:32 AM
can i upgrade the red hat EL4 ES kernel to AS Kernel without upgrading the whole OS? oreaba Linux - Newbie 6 08-19-2008 02:08 PM
apt-get upgrade does not upgrade my kernel halfpower Debian 5 12-11-2005 09:53 AM
What first upgrade kernel or upgrade slack 10.0 to current Kelean Slackware 7 01-16-2005 06:54 PM


All times are GMT -5. The time now is 02:14 PM.

Main Menu
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
identi.ca: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration