OS X client users are generally pretty quick to do Software Updates. Judging from the feedback I've gotten from some Mac server admins related to my Leopard Xserve's devastating break-in, unattended OS X servers tend to get updated far less often. You can (and should) automate daily OS X Server Software Update checks and auto-reboots after critical updates are installed. Does this potentially create inconvenience for users and disrupt services? Infrequently, and it's nothing compared to having your server turned into a staging area for 'net terrorists.
What prompted me to get this post out so quickly? I just finished Software Update on the new MacBook Pro eval I'm using, and when it asked me for permission to reboot, I said "JC! I didn't update my server!" Rats. I should have done that first.
The update's in. I'm off to fire up Snort to watch the dink squad wipe their mouse hands on their pants and frantically sniff the 'net for unpatched Macs. One day, computer science will find a cure. Until then, do some homework to tune your Spamassassin and firewall rules. I'll help with that.
Posted by Tom Yager on May 29, 2008 01:26 PM
