One of the things I like about our Friday Spotlight is not only do we talk about new things, it also gives us an opportunity to highlight older material that is still valuable. That's the case with this week's spotlight, which is about an article from 2012 that covers tips for hardening an Oracle Linux server. If you've come to Oracle Linux in the last couple of years, you might not have seen this, and it's just as a relevant today as it was then.
This in-depth article covers minimizing active services, locking down network services, managing users and authentication, and much more. If you're a Linux administrator, you might want to consider adding this article to your Reading List, saving to Pocket or Evernote, or whatever mechanism you use to hold on to good resources.
I have recently received several questions about how to find information relating to critical security updates or important errata releases for Oracle Linux. I realized that perhaps people were not aware of the new features and improvements to Unbreakable Linux Network (ULN), which assist users with common administrative tasks. I wanted to take a quick moment to highlight for you some of the changes we have made. First, there are two links you will want to bookmark:
Each link will allow the user to evaluate what updates have been made available for Oracle Linux.
With https://linux.oracle.com/errata you are able to view all errata releases available, listed by type, severity, advisory, summary and release date. In addition, you are also able to filter this list by release and/or type (Bug, Security, Enhancement) and if you select an item from the list you will receive additional details regarding the errata, including a description, related CVEs and the packages updated by the errata. You can also navigate to this same information by logging into ULN and selecting the 'Errata' tab from the options across the top.
For those who need information on security errata involving CVE identifiers (Common Vulnerabilities and Exposures) we have created https://linux.oracle.com/cve. This site allows you to gather information on important CVE identifiers, by providing a summary of all CVE offered through ULN. This summary is listed by CVE identifier and includes a brief synopsis and the release date. You can also filter the list by year. In addition, when you select a specific CVE identifier, you will receive additional details, such as information on CVSS v2 metrics as well as affected platforms.
We have been working to bring more features to ULN and these updates should provide more tools to simplify your administrative activities. Happy patching!