gentoo security

4 jan 2011

security & integrity

just a quick reminder on how to keep your gentoo system safe and sound:

  1. eix-sync; emerge -uDN world this will ensure that all active components (see /var/lib/portage/world are updated) www-plugins/adobe-flash and app-text/acroread will not be updated if not listed there!

  2. check /var/lib/portage/world for software which you don’t need anymore

  3. afterwards: emerge –depclean packages not listed in /var/lib/portage/world will be removed (check carefully)

  4. use glsa-check -f affected (requires a recent eix-sync, done in step (1))

  5. update the gentoo-kernel as often as possible (reboot afterwards) recent kernels are a good thing: sys-kernel/gentoo-sources-2.6.32-r24 NOTICE: i’m refering to the -r24 suffix and not the kernel version in general

  6. reboot your system on security related software/kernel updates (see glibc issue lately, which required a reboot)

  7. only start services you need, disable services which don’t get used anymore

this list is, of course, incomplete. but as i did this wrong until now, there might be other gentoo users out there, who still do. anyone?

saving disk space

check and clean this places:

  1. /tmp

  2. /var/tmp

  3. eclean -d distfiles which will clean out obsolete files from /usr/portage/distfiles

  4. /usr/src/ (often there are old kernel versions, here it is 6,2 gb for 3 kernels)

  5. check /var/db/pkg/// this often contained packages i’ve not been using anymore

  6. use emerge –depclean

  7. check /lib/modules for kernel module size i’ve been using genkernel and i had built all modules, resulting in 1,2gb per kernel

updated: 2011-01-04 added eclean to ‘saving disk space’, thanks to Leifbk

article source