[clug] ACSC Essential 8 for Linux - local package repositories

Stephen Hocking stephen.hocking at gmail.com
Sun Mar 31 05:02:02 UTC 2019

Using Red Hat Satellite, it's quite straightforward. There are a few white
papers kicking around describing how to do it. Haven't really looked at the
Debian/Ubuntu side of things.

On Sat, 30 Mar 2019 at 12:56, Robert Edwards via linux <
linux at lists.samba.org> wrote:

> I'm guessing that some on this list need to apply the Australian
> Cyber Security Centre (ACSC) Essential 8 for the Linux devices
> they manage in their workplaces as per:
> https://www.acsc.gov.au/publications/protect/essential-eight-linux.htm
> I look after lots of Debian and Ubuntu [GNU/]Linux systems (servers,
> desktops, embedded devices) and use the "unattended-upgrades" facility
> to automatically apply security patches as they come out.
> I also maintain a local repository for various local packages.
> The Essential 8 for Linux document suggests that "Patching Linux is
> easy to achieve when combined with locally-hosted repositories and
> scheduled scripts" from which I am understanding that any packages
> that need upgrading on production servers should be coming from
> a local repository after the new package has been tested/screened
> etc. for vulnerabilities etc. (all makes sense).
> I am wondering if anyone who is allowed to talk about this is doing
> it and what strategies they might recommend for testing/delaying
> new security updates before uploading to a local repository prior
> to deploying to production servers?
> (apparently it is "easy to achieve" - maybe it is easier to achieve
> with commercial-grade distros like RedHat and Suse etc.?)
> cheers,
> Bob Edwards.
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux


  "I and the public know
  what all schoolchildren learn
  Those to whom evil is done
  Do evil in return"		W.H. Auden, "September 1, 1939"
