RE: Automatic Security Patching for Debian

From: Adam Shephard (adams@firstfederalbanking.com)
Date: 08/26/02


From: Adam Shephard <adams@firstfederalbanking.com>
To: 'Kristian Du' <kristian_du@katamail.com>, security-basics@securityfocus.com
Date: Mon, 26 Aug 2002 08:38:58 -0500


> Wouldn't it be nice to have a piece of software, such as apt-get
> combined with nessus, that port-scans your machine and retrieves from
> the net existing patches and installs them for you automatically?

Well, since you're talking about Debian specifically, you could just write a
little Perl script that

1. modifies /etc/apt/sources.list to comment out all lines except the one
containing the deb line for security updates
2. does an apt-get update
3. does an apt-get upgrade
4. modifies /etc/apt/sources.list to uncomment the lines commented out in
step 1

Throw in a cron job to run this on a regular basis and you have a system
that updates all of the existing security patches, whether you have a hole
or not.....if that is what you really want.



Relevant Pages

  • Re: New install and newbie questions
    ... that is the beauty of apt-get. ... should add the 'security' and 'volitile' lines to your ... updates which means it only fixes bugs that are security related. ... Is there an online resource that will start walking me through the differences between Debian and, say, Redhat, Mandrake, Suse, or other distributions? ...
    (Debian-User)
  • Re: unattended upgrades
    ... Rudy Gevaert wrote: ... > I was wondering what the best way is to do an unattended apt-get ... You can run a script to check for updates ... You might want to install apt-listbugs too, ...
    (Debian-User)
  • Re: Debian apt-cdrom questions
    ... > command for apt-cdrom is add, which updates the indexes. ... > point to an install location. ... > How do I tell apt-get to forget the rest of the world, ... Make sure it will use the CDROM entries first. ...
    (comp.os.linux.misc)
  • Re: Dapper - more updates skipped
    ... Is there something wrong with those updates? ... Or is this a new Dapper bug? ... So apt-get is smart enough not to upgrade automatically some packages ... You have to manually inform you want to upgrade everything. ...
    (Ubuntu)
  • Re: apt-get problem (solved)
    ... > Ive used apt-get in the past, ... > genbasedir $TOP os updates ... > So, Im missing something, as now I get the error message: ...
    (Fedora)