Where to Go for Timely Alerts

The worst thing that can happen to a security administrator is to be

oblivious to the newest, and thus most pressing, vulnerabilities that

can affect your systems. Without prompt action -- upgrades, patches,

increased access restrictions, or turning off software all together --

you are likely to fall victim to the latest exploits or worms.

So, whom should you turn to for this nay-crucial information? You can

find good Linux security information at a bunch of places, but I trust

very few sources that to provide me timely vulnerability announcements.

Most have both Web pages and email lists. Personally, I don't rely on

Web pages because I've never been good at checking things periodically

(and too many of them don't render well in lynx). I prefer email

because. It's something I check every few seconds and I can use

procmail to make sure important messages get sent to my pager in case

I'm doing something rare, like sleeping.

So, without further rambling, here are my suggestions for must-read

email lists:

* CERT: The granddaddy of alert notification. CERT advisories are

usually reserved for the big problems, such as the widespread

SNMP problems, required careful coordination between multiple

vendors to avoid 'spilling the beans' too early, or the

latest 'Become the Windows Administrator user in 2 easy packets'


$ echo 'subscribe cert-advisory' | mail majordomo@cert.org

* SANS Security Alert Consensus: The SANS organization sends out

alerts similar to CERT, though usually with more useful

information such as custom tools you can use to audit your

systems. This newsletter is actually a weekly security summary,

but they use it for important alerts as well.

$ lynx http://www.sans.org/sansnews/

* Incidents: On this list, admins can submit information about

suspicious network activity they've captured. When new worms and

exploits start making the rounds, this is often the first place

they are seen on the radar. It can get pretty high volume as

folks try to figure out what they're seeing in the wild.

$ echo 'SUBS incidents Firstname Lastname' | mail


* Bugtraq: Bugtraq was the original full disclosure list, and it

is an absolute essential to any administrator. Vendors and

hackers alike announce vulnerabilities here. Often no solutions

are suggested, but folks on the list quickly discuss appropriate

responses to the problem.

$ echo 'SUBS bugtraq Firstname Lastname' | mail


* Linux Distro: Whichever Linux distribution you use likely has an

email list dedicated to security concerns. Sometimes the problems

are specific to a particular distribution's configuration whereas

sometimes they are universal Linux concerns.

Your distribution-specific list will give you the links you need

to see exactly what packages you need to upgrade, including the

download URLs and instructions. Unless you're using Debian, of

course, in which case you can upgrade everything with a mere 32


These are the lists that I use for security alerts. You can subscribe

to many other lists for weekly or monthly news, but for timely security

information, I suggest the above lists so you aren't caught off guard.

ITWorld DealPost: The best in tech deals and discounts.
Shop Tech Products at Amazon