this post was submitted on 27 Oct 2024
54 points (96.6% liked)

technology

23325 readers
314 users here now

On the road to fully automated luxury gay space communism.

Spreading Linux propaganda since 2020

Rules:

founded 4 years ago
MODERATORS
 

Specifically, a dedicated server running Debian 12.

After a monthly sudo apt upgrade? (Is a monthly upgrade even necessary?)

Never? (unless there is a security update?)

Edit: I may be missing kernel upgrades. Those are probably good... I can't remember if I installed a LTS kernel. I imagine it would be unsecure to post an exact kernel version, however.

you are viewing a single comment's thread
view the rest of the comments
[โ€“] [email protected] 8 points 1 month ago (1 children)

If there's a serious security bug, like Heartbleed, you should totally update and reboot the service. That is basically the only "must" for staying atop things. The rest is mostly personal preference.

In my job I maintain publically exposed Linux servers, and many of them don't get rebooted for years. I think our record is about five years.

Yes, if you want your server to be theoretically the rootinest tootinest securest setup ever, you should update about every 6 hours, but even then you're just more vulnerable to repo attacks (which have happened a few times lately). Apt upgrade every month or three is probably good practice to keep on top of bugs.

So really, how frequently do you need to reboot? Eh. So long as it works, there are no critical kernel vulnerabilities, and updates are available, I really would argue you should never "have" to.

Servers are horses for courses, if you're being heavily targeted by hackers, obviously stay on top of updates, but if your server is pootling along without harassment and doesn't contain life-altering stuff if it got leaked, then don't worry too much. A standard, barely-changing, 'stable' build is usually a very secure one.

[โ€“] [email protected] 6 points 1 month ago* (last edited 1 month ago)

Thanks! Very informative.