On 03/02/2016 04:45 PM, Andrew Deck wrote: > The existing tool for this (I think there may be multiple, but the one > I'm familiar with) is debsecan. > https://wiki.debian.org/DebianSecurity/debsecan > > Which seems to have all the features you'd want: > https://scottlinux.com/2015/04/01/debsecan-get-an-emailed-report-of-pending-debian-security-updates/ > Thank you all for your quick answers. I searched a bit before asking but search engines have their limits. I already knew about unattended upgrades but they sound a bit too risky for production. apticron is not security oriented and, as far as i know, it needs lots of tweaking to limit itself to security updates. debsecan seems to be perfect for what I need. debsecan offers a daily email warning by default but I couldn't understand if it is sent at a fixed time or as soon as new security fixes get available... I ended up adding an @hourly cron job with this command: debsecan --suite wheezy --only-fixed --format report --mailto my@email.com --update-history I wonder if I will be warned only once when new security fixes appear or on an hourly basis until I upgrade the server... -- OpenPGP / GPG key: 0x14B7E62420E51038 I encrypt emails with GPG, Thunderbird & Enigmail. Please do the same or use my secure contact form: https://jerome.cc/gpg
Attachment:
signature.asc
Description: OpenPGP digital signature