[clug] ACSC Essential 8 for Linux - local package repositories

Stephen Hocking stephen.hocking at gmail.com
Sun Mar 31 05:02:02 UTC 2019


Using Red Hat Satellite, it's quite straightforward. There are a few white
papers kicking around describing how to do it. Haven't really looked at the
Debian/Ubuntu side of things.

On Sat, 30 Mar 2019 at 12:56, Robert Edwards via linux <
linux at lists.samba.org> wrote:

> I'm guessing that some on this list need to apply the Australian
> Cyber Security Centre (ACSC) Essential 8 for the Linux devices
> they manage in their workplaces as per:
> https://www.acsc.gov.au/publications/protect/essential-eight-linux.htm
>
> I look after lots of Debian and Ubuntu [GNU/]Linux systems (servers,
> desktops, embedded devices) and use the "unattended-upgrades" facility
> to automatically apply security patches as they come out.
>
> I also maintain a local repository for various local packages.
>
> The Essential 8 for Linux document suggests that "Patching Linux is
> easy to achieve when combined with locally-hosted repositories and
> scheduled scripts" from which I am understanding that any packages
> that need upgrading on production servers should be coming from
> a local repository after the new package has been tested/screened
> etc. for vulnerabilities etc. (all makes sense).
>
> I am wondering if anyone who is allowed to talk about this is doing
> it and what strategies they might recommend for testing/delaying
> new security updates before uploading to a local repository prior
> to deploying to production servers?
>
> (apparently it is "easy to achieve" - maybe it is easier to achieve
> with commercial-grade distros like RedHat and Suse etc.?)
>
> cheers,
> Bob Edwards.
>
> --
> linux mailing list
> linux at lists.samba.org
> https://lists.samba.org/mailman/listinfo/linux
>


-- 

  "I and the public know
  what all schoolchildren learn
  Those to whom evil is done
  Do evil in return"		W.H. Auden, "September 1, 1939"

