[clug] Distro advice for server
Chris Smart
chris at kororaa.org
Wed Jun 7 23:44:17 GMT 2006
On 7/6/06 8:49 PM, "jan" <janmar at iprimus.com.au> wrote:
> There are 2 proposals to fix these issues:
>
> 1.
> http://www.gentoo.org/proj/en/glep/glep-0014.html
[snip]
> 2.
> http://www.gentoo.org/proj/en/glep/glep-0019.html
Thanks Jan,
Actually this is exactly what I utilise on my current Gentoo servers. I have
a bash script which checks (whenever you set it in crontab) for security
vulnerabilities and emails me a list, like so:
"Daily vulnerability report for hezekiah.gensys.local ()
200604-08 [N] libapreq2: Denial of Service vulnerability (
www-apache/libapreq2 )
200605-05 [N] rsync: Potential integer overflow ( net-misc/rsync )
200605-17 [N] libTIFF: Multiple vulnerabilities ( media-libs/tiff )"
Then I remote in and fix them. I've attached the script in case it's useful
to anyone else.
There is a daily check, and an hourly check. If a vulnerability has been
found then the daily check won't re-email you until you've fixed it (and
then when you do emails you that they were resolved). But the daily one is a
summary, which you get no matter what.
Naturally GLSA only works when you are updating portage, so add that to
crontab too.
-c
More information about the linux
mailing list