Webserver patching strategy
This is a general question, OS-independent.
If you run a webserver, I have a few questions:
1) With security in mind, how often do you upgrade patches of both the OS and the webserver?
2) How often do you upgrade the OS release?
3) Do you test the patches in a test environment before you apply them?
4) Do you upgrade ALL the available patches or just a subset?
I'd like to see how you guys manage webservers, and what the standard being followed is. It can be different from OS to OS, but I want a general idea.
Currently, I patch my servers every 6-3 months, and I use a recommended set by the vendor. However, this doesn't seem the best idea for a webserver!
Comments
- jibbajabba Member Posts: 4,317
Windows
1) Personal server : Every Tuesday, Corporate : once / twice per year, Old job : Last week of the month after 10pm
2) never unless resource contention requires it (i.e. Standard to Enterprise to allow more RAM)
3) Nope, backups are taken prior to patch runs
4) yes
Linux
1) Old job : Last week of the month after 10pm, personal server : runs update per cron job and excludes kernel - kernel: whenever I feel like it
2) never, CentOS updates its revisions automatically anyway (5.3 / 5.4 and so on)
3) nope
4) yes
As for specifically webserver : On Windows - no change to usual upgrade procedure. On Linux; LAMP is installed via source and will not be touched via package management. PHP / Apache / MySQL are usually not updated unless required for whatever reason - These components are dangerous to upgrade (depending on code base) as features are usually removed / stopped working etc.
My own knowledge base made public: http://open902.com
- ChooseLife Member Posts: 941
1) With security in mind, how often do you upgrade patches of both the OS and the webserver?
2) How often do you upgrade the OS release?
3) Do you test the patches in a test environment before you apply them?
4) Do you upgrade ALL the available patches or just a subset?
HTH
“You don’t become great by trying to be great. You become great by wanting to do something, and then doing it so hard that you become great in the process.” (c) xkcd #896