Re: script for security update notification
On Fri, 24 May 2002, Matt Zimmerman wrote:
> On Fri, May 24, 2002 at 09:41:46AM -0400, Nathan Valentine wrote:
> > I'm thinking of writing a script but I am hoping that someone else has
> > beaten me to the punch. Perhaps someone has seen something that will do
> > this:
> > 1) Check the Debian security announcement list.
> > 2) Compare new announcements to the local package database.
> > 3) If vulnerable packages installed, send an 'I need updated' email to
> > an address defined by the SysAdmin.
> > Anyone ever seen such a beast? I've searched the archives of this list
> > and not found any reference to anything along these lines.
> If an announcement has been made, then there is a fixed package available,
> and (assuming you have the relevant sources.list entry) it will be
> automatically made available to apt, and all you need is a tool like
> apt-show-versions (or even apt-get) to automatically retrieve a list of
> packages for which updates exist.
This can be simply done with the following statement:
apt-get -qq update && apt-get -dqq upgrade && apt-get -sqq upgrade
(assuming your machine is 24/7 connected to the internet and you have
securiy.debian.org in your /etc/apt/sources.list)
This will update your packages list, and then simulate an
upgrade. Schedule it using a cron job, and you will only receive mail if
new packages are available. I use this to maintain a network of about 50
Debian servers (potato and woody).
Hope this helps,
Teun Vink - firstname.lastname@example.org - icq: 15001247 - http://teun.moonblade.net
To UNSUBSCRIBE, email to email@example.com
with a subject of "unsubscribe". Trouble? Contact firstname.lastname@example.org