Security

**eadz** · 10-03-2003, 02:03 PM

The bad news is that as Knoppix was never designed to be installed to the hard drive, it doesn't have a security policy or procedure.

The good news is that it's based on Debian which does.

If you have installed Knoppix to your hard drive, there may be security updates you need to install. There is a basic Security Updates HowTo in the Documentation section of this website. Please keep your machine updated.

**Cuddles** · 12-29-2003, 11:30 PM

Eadz, going to the link in your post, it suggests to add a few sites to your upfate/upgrade file, I added one, and the first apt- anything caused an error that you need to resolve something with the site, I am quite sure I added the site correctly, but had to comment the site out because it caused any apt-get to crash...

This is the entry:
# Security updates for "unstable" user inserted per SecurityHOWTO
# AptGet warnings on the below path REMOVED by user until resolved
#deb http://security.debian.org unstable/updates main contrib non-free

Cuddles

**Stephen** · 12-30-2003, 12:58 AM

Originally Posted by Cuddles

Eadz, going to the link in your post, it suggests to add a few sites to your upfate/upgrade file, I added one, and the first apt- anything caused an error that you need to resolve something with the site, I am quite sure I added the site correctly, but had to comment the site out because it caused any apt-get to crash...

This is the entry:
# Security updates for "unstable" user inserted per SecurityHOWTO
# AptGet warnings on the below path REMOVED by user until resolved
#deb http://security.debian.org unstable/updates main contrib non-free

Cuddles

It fails for me too you should leave it commented out. You can get security updates for unstable by subscribing to the Debian Security Announce mailing list at http://lists.debian.org and you will have the announcements emailed to you there is usually not many mails it is a low volume list. Then you can check to see if the package(s) in the announcement(s)is installed on your system with apt-cache policy package_name_in_announcemnet. To upgrade the package to the new one in the announcement apt-get install package_name_in_announcemnet/unstable.

**c123** · 03-14-2004, 11:36 AM

is it still recommended to have deb http://security.debian.org unstable/updates main contrib non-free commented out?

**blockme** · 05-12-2004, 07:39 AM

out-comment the security update is not the best way i think. i was using these lines for my older 3.3 install of knoppix and it worked fine for me (i got all the security updates with apt-get update | apt-get upgrade)

i havent tried 3.4 yet. hopefully this evening though. but i will setup apt again because is the easiest way to keep your system up to date. no need for installing security patches the manual way or smth.

**pureone** · 02-02-2005, 04:18 PM

will apt-get upgrade deal with security updates as well even if security.debian.org is not in the source.list?

**peabody** · 03-08-2005, 08:28 AM

I highly recommend everyone head on over to Debian.org and check out the documentation section, particularly the FAQ and the reference manual. Provided you read everything in those two guides carefully, it should tell you most of what you need to know about runnig a Debian system.

With installing Knoppix, you're running Debian testing by default. Debian testing doesn't use the security updates branch because that branch is specific to stable. In other words, the only updates that stable receives are from security. Testing and Unstable are updated frequently, while stable is only updated when a security hole needs fixing. So yes, it's a good thing to comment out the security section.

**NuxIT** · 05-18-2006, 06:08 AM

Thanks for this info. I just ran my first apt-get & apt-upgrade while ssh'd into my box from work. It ran 170Megs worth of updates and is still updating. Only 5% of diskspace left! Cutting it really close here. Hope all goes well when I get home and reboot.. (Crosses fingers)

BTW, I ran into quite a few prompts asking if I wanted to keep my installed version of certain packages (default) or install the package maintainers version.. I choose the later on all these.. I figured if I'm updating I should update all packages instead of using the same one I was previous to update. Any suggestions? Some of the packages that asked if I wanted to update were:
auto.smb
gpm.conf
i2e.conf

TBH

**NuxIT** · 05-19-2006, 04:17 AM

Welp, I'm very sad to report this botched my knoppix load pretty bad. Now, instead of taking 2 days to boot up it takes 3 and then it wont' even load the Knoppix GUI. I can get into other GUI's but now I'll need to reload. Guess that'll teach me to hastly run updates without researching. I loved Knoppix but I think it's time I move on to a more HDD friendly package that has as many utilities as Knoppix but is also easily upgraded. Dedicated debian may be the answer at this point.