Linux - Security. This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.
Having read several forums, it is my understanding I can run Yum or APT-Rpm to update a particular Linux distribution, in my case Red Hat 9. However, how do I know which repository is safe to use to download updates?
If you are simply looking for package repositories, there are a number of defaults built into the yum client and there is also a list of "official" ones listed at the YUM website at Duke.
If you are asking "how do I know if these packages aren't tampered with" then there are a number of checks built into yum and rpm. The rpm itself has an md5 checksum which is verified before the package is installed. Of course someone could get around that by modifying the package and then replacing the one in the rpm with one that is valid for the modified package. This is where YUM actually goes one step further than RPM. With RPM the use of GPG key signing is optional. RPM will give you a warning, but still will install the package. With YUM, it will automatically retrieve the Redhat/Fedora GPG key and verify that the package has been correctly signed with the proper key.
I'm not that familiar with the inner workings of APT-RPM, but I would imagine they are pretty similar.
To be honest, I think you're at much lower risk using an automated package installer rather than depending on yourself to check vulnerability lists on a daily basis to make sure all packages are updated. Makes a world of difference to know that you have something like yum when the next Apache remote root vulnerability comes out and you happen to be on vacation that week.
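The distinction drawn above, that an embedded checksum only detects accidental corruption while a signature made with a key the publisher holds detects substitution, is easy to see in code. The following is an added example, not code from the thread or from yum/rpm: a constructed "package" carrying its own MD5 (as an RPM does), and a deliberately tiny, insecure textbook RSA signature standing in for the GPG signature yum checks. The key size, the reduction of the digest modulo N and the package format are all simplifications for illustration; real tooling uses GnuPG.

```python
import hashlib

# --- Checksum-only verification, as the RPM MD5 check works ---

def make_package(payload: bytes) -> dict:
    """Constructed stand-in for an RPM: payload plus the packager's MD5."""
    return {"payload": payload, "md5": hashlib.md5(payload).hexdigest()}

def md5_check_passes(pkg: dict) -> bool:
    """Recompute the embedded checksum. Detects corruption, not substitution:
    whoever can rewrite the payload can rewrite the checksum beside it."""
    return hashlib.md5(pkg["payload"]).hexdigest() == pkg["md5"]

# --- Signature verification, as yum's GPG check works (toy RSA stand-in) ---

# Two Mersenne primes: far too small for real use, chosen only so the
# arithmetic below is exact and fast. Labelled toy, not a real key.
P, Q = (1 << 61) - 1, (1 << 31) - 1
N = P * Q
E = 65537                        # public exponent (the "published key")
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held by the packager only

def digest_int(payload: bytes) -> int:
    # Simplification: reduce the SHA-256 digest modulo N so it fits the toy modulus.
    return int.from_bytes(hashlib.sha256(payload).digest(), "big") % N

def sign(payload: bytes, d: int = D, n: int = N) -> int:
    """Packager side: sign the digest with the private key."""
    return pow(digest_int(payload), d, n)

def verify(payload: bytes, signature: int, e: int = E, n: int = N) -> bool:
    """Client side: only the public key (e, n) is needed, as yum only needs
    the distribution's public GPG key."""
    return pow(signature, e, n) == digest_int(payload)

def demo() -> dict:
    original = make_package(b"constructed package contents v1")
    signature = sign(original["payload"])

    # Someone replaces the payload and recomputes the embedded checksum,
    # exactly the gap described in the post. Checksum check: passes.
    substituted = make_package(b"constructed package contents v1 + extra")

    return {
        "original_md5_ok": md5_check_passes(original),
        "original_sig_ok": verify(original["payload"], signature),
        "substituted_md5_ok": md5_check_passes(substituted),
        # Without D the substituted payload cannot be given a valid signature.
        "substituted_sig_ok": verify(substituted["payload"], signature),
    }

if __name__ == "__main__":
    for check, result in demo().items():
        print(f"{check}: {result}")
```

The four results are the whole argument: both packages pass the checksum check, only the untouched one passes the signature check. This is why the post says yum "goes one step further": it refuses a package whose signature does not verify against the distribution's public key, rather than warning and installing as rpm does by default.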
Thank you for your reply as well as providing an overview of how Yum differs from APT-Rpm. Based on your reply, I assume you are recommending that I go with Yum as opposed to APT-Rpm.
Honestly, I'm not that familiar with APT-RPM, so I can't really give you a fair comparison of the two. Obviously it will have the built-in security features of RPM, but I believe the enforcement of gpg key signed packages is optional. Your best bet will be to take a close look at the features of both and then make your decision based on which one suits your needs best.
The default servers are set in /etc/yum.conf, however you can change these to point to whatever rpm repository you wish. There are a number of alternatives listed at the yum website at Duke University. I believe the yum packages included with Redhat and Fedora have the Redhat or fedora.redhat repositories as their defaults. Obviously if you modify those defaults, you'd want to make sure that you are getting them from a reputable source.
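The advice above has two checkable parts: the repositories yum uses are whatever /etc/yum.conf points at, and a repository you add yourself should be one you trust and should keep signature checking on. The following is an added example, not from the thread or from yum: a small audit of a yum.conf-style file that reports repositories with gpgcheck turned off, gpgcheck on but no gpgkey configured, or a baseurl on a host outside a list you consider reputable. The configuration text and host names are constructed; the gpgkey path is a placeholder. It assumes yum's behaviour that a per-repository gpgcheck overrides the [main] setting and otherwise inherits it.

```python
import configparser
from urllib.parse import urlparse

# Constructed sample configuration in yum.conf layout: a [main] section and
# one section per repository. Hosts and paths are not real.
SAMPLE_YUM_CONF = """\
[main]
cachedir=/var/cache/yum
gpgcheck=1

[base]
name=Red Hat Linux 9 base (constructed)
baseurl=http://updates.example.invalid/redhat/9/i386/
gpgcheck=1
gpgkey=file:///path/to/RPM-GPG-KEY

[third-party]
name=Some mirror found on a forum (constructed)
baseurl=http://mirror.example.invalid/rh9/
gpgcheck=0

[quiet]
name=Inherits gpgcheck from [main] but has no key configured (constructed)
baseurl=http://updates.example.invalid/extras/
"""

def audit_repos(conf_text: str, trusted_hosts: set) -> dict:
    """Return {repo_id: [issue, ...]} for every repository section.

    An empty list means the repository uses a trusted host, has signature
    checking enabled, and names a key to check against."""
    cp = configparser.ConfigParser(interpolation=None)
    cp.read_string(conf_text)

    # Assumption (yum semantics): repo-level gpgcheck falls back to [main].
    main_gpgcheck = cp.getboolean("main", "gpgcheck", fallback=False)

    findings = {}
    for repo in cp.sections():
        if repo == "main":
            continue
        issues = []

        gpgcheck = cp.getboolean(repo, "gpgcheck", fallback=main_gpgcheck)
        if not gpgcheck:
            issues.append("gpgcheck disabled: packages installed unverified")
        elif not cp.get(repo, "gpgkey", fallback="").strip():
            issues.append("gpgcheck enabled but no gpgkey configured")

        # baseurl may list several URLs on continuation lines; check the first.
        urls = cp.get(repo, "baseurl", fallback="").split()
        host = urlparse(urls[0]).hostname if urls else None
        if not host:
            issues.append("no baseurl")
        elif host not in trusted_hosts:
            issues.append(f"baseurl host {host!r} is not in the trusted list")

        findings[repo] = issues
    return findings

if __name__ == "__main__":
    trusted = {"updates.example.invalid"}  # constructed allowlist
    for repo, issues in audit_repos(SAMPLE_YUM_CONF, trusted).items():
        status = "ok" if not issues else "; ".join(issues)
        print(f"[{repo}] {status}")
```

Run against a real /etc/yum.conf, the allowlist would hold the hosts of the distribution's own repositories; any section that reports an issue is one where either the package source or the signature check, or both, rests on trust you have not actually established.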
Originally posted by Obie: Which sites would you consider as being reputable?
Personally, I'd stick with the default rpm repositories at Redhat/Fedora.redhat. They seem to do a pretty good job of keeping their site secure (as far as I've heard).