Security Handbook/Staying up-to-date

This section is on keeping the system up-to-date. == Keeping up-to-date == Once you have successfully installed your system and ensured a good level of security you are not done. Much like development, security is an ongoing process; the vast majority of intrusions result from known vulnerabilities in unpatched systems. Keeping the system up-to-date is the single most valuable step to take for greater security.

First sync the Portage tree with and then issue the following command to check if the system is up to date security-wise:

All lines with a  and   can be almost safely ignored as the system is not affected by this GLSA.

Check all GLSAs:

See what packages would be emerged:

Apply required fixes:

If you have upgraded a running service, you should not forget to restart it.

Keeping the kernel up-to-date is also recommended.

If you want an email each time a GLSA is released subscribe to the gentoo-announce mailing list. Instructions for joining it and many other great mailing lists can be found in the Gentoo mailing lists.

Another great security resource is the Bugtraq mailing list.