Sometimes, servers can become compromised through no direct fault of the administrator. There exist what are known as zero-day exploits -- malicious code affecting a particular product or service which is circulated before the vendors or maintainers are even aware of the vulnerability.

Fortunately for us, this is relatively rare. The vast majority of server-level compromises are due to bone-headed system administrators failing to patch or configure their software properly. :-) Once a system administrator is made aware of a weakness, he or she must assess the situation and take immediate action (even if that action is to decide that a patch isn't needed). There are situations in which a patch may be more trouble than it's worth; only you can determine how much you value your data.

Admittedly, it's not always easy to be made aware of security holes, particularly when it comes to less-common packages. That's why we've compiled a list of some helpful information sources:

• Secunia Advisories -- Comprehensive. Includes mailing lists and searches for vulnerabilities by product and vendor.
• LinuxSecurity.com -- News and mailing lists for Linux security alerts (and other security-related news).
• U.S. CERT Technical Cyber Security Alerts -- Serious alerts for many products and vendors; generally only remotely-exploitable vulnerabilities. This will not be sufficient if you are running a multi-user system.
• National Vulnerability Database -- Very comprehensive.
• Gentoo Linux Security Advisories
• Fedora Security Mailing List
• Red Hat Security Announcements
• CentOS Announcements
• Debian Security Information
• Ubuntu Security Notices