[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: making Debian secure by default

On Thu, Mar 28, 2024 at 4:07 PM Andy Smith  wrote:
>
> Hi,
>
> On Thu, Mar 28, 2024 at 12:22:57PM -0400, Lee wrote:
   ... snip ...
>
> Documentation and integration is perpetually out of date in Linux.

Right.  Intellectually I know that; emotionally I find it a bit
difficult to accept.

> Also no one can agree on which documentation is canonical,

another area I'm struggling to accept.  Seeing referrals to the Arch
wiki on a debian mailing list just seems wrong..

> > Is there really nothing better than sudo find / <something to show
> > files with uid or gid perms> and try to figure out which of those
> > program are not necessary?
>
> I don't think there is, no. After finding each of those things you
> would need to do some research on each one.

Right.  That's what I was trying to avoid.

> Those that are
> particularly worrisome probably already do have some notes
> somewhere.
>
> > $ sudo crontab -l
> >    ...
> >  47  4  *  *  *  (apt update >> apt-update.log 2>/dev/null) && \
> >                       (apt list --upgradable 2>/dev/null |\
> >                       egrep -v '^Listing' >| /etc/motd)
>
> You may like to look in to "apticron-systemd" for a systemd timer
> that does the above.

Nope.  I can't remember what I asked on this list years ago, but I got
a few suggestions on how to be notified about software updates and
ended up writing my own script.  If nothing else, I trust it to work
properly.
I also trust that if there's a problem with my script someone will let
me know :)

Thanks,
Lee
Reply to: