Learn how to acquire and apply vendor patches to your operating system and applications.
Use an available secure system to download patches to apply to a new Unix installation.
Verify software with PGP signatures. Make sure you obtain the author's PGP key from a trusted source (or multiple independent sources).
Check the MD5 checksum of downloaded software.
Read mailing lists that publish general security announcements.
Read mailing lists devoted to your vendors' products.
Consider when and how you will back out a patch that doesn't work.