Security should be your top priority when you’re maintaining a server even if you’re not working with personal information. In addition to hardening your server and properly configuring all of your services, subscribing to mailing lists can help keep your server secure by keeping you up to date on the latest security flaws. It’s difficult to manually keep up with all of the software that runs on your server, hence why subscribing to at least your distribution’s security mailing list is important.
The mailing lists you should subscribe to completely depends on what software, operating system, and the method in which you obtain software for your server. The most important mailing list will be your operating system’s security announcement mailing list. This mailing list should be moderated and shouldn’t contain messages from end users. It may also be beneficial to subscribe to the operating system’s announcement mailing list also to receive alerts about updates to your operating system along with changes that may affect services you are running.
- Debian Security Announcement Mailing List
- Ubuntu Security Announcement Mailing List
- OpenBSD Announcement Mailing List
- FreeBSD Security Announcement Mailing List
- CentOS Announcement Mailing List
The security announcement mailing lists will work fine if you install all of your software through your operating system’s own packages. If you compile or install software from other sources, it’s important to subscribe to the mailing list of each additional application that you have installed or use. It’s not uncommon to also subscribe to the mailing lists of software your server uses even if you update the packages through your operating system’s packages. The mailing list provided by the group or company that creates the software you use will usually send out alerts before your operating system has a chance to send out the announcement.
- nginx Announcement Mailing List
- PHP Announcement Mailing List
- MySQL Mailing Lists
- EXIM Mailing Lists
- Postfix Mailing Lists
- Dovecot Mailing Lists
- Apache Web Server Mailing Lists
There are many additional mailing lists you will want to subscribe to and it’s not limited to just services that run on your server. WordPress, Drupal, and many other CMS systems also contain mailing lists that announce updates and security alerts. In addition, libraries that you use for PHP, Python, Perl, and other languages may also contain mailing lists that are important to subscribe to if you have custom software and applications running on your server.
When you come across a service you use that doesn’t have a mailing list, you are not completely out of luck. Firstly, your operating system’s security mailing list should still send you announcements if that specific package is included in their their repository. In the case that your operating system doesn’t contain the package that is lacking a mailing list, you can subscribe to the Git or Mercurial RSS feed and receive updates when a new releases or tags is created. Packages may also have Twitter accounts where they tweet out when new releases are announced or may have a blog with an RSS feed.