centos-package-cron

Approaches/other distros

Open wied03 opened this issue 8 years ago • 3 comments

From @stephane-martin

think pypi would be nice if we could generalize centos-package-cron to other distributions (detect security patches for centos, redhat, debian, ubuntu). Then sysadmins could install through pypi on every machine whatever the distrib would be. I will need that function in my job, so I'll probably propose a PR, but not very soon.

wied03, Jan 21 '17 18:01

RHEL has this covered already through yum security last time I checked. I can't remember if apticron on Ubuntu does this already but I think it does. I'm not sure it makes sense if those other distros have it covered already, does it?

Another approach to this problem is what coreos/clair is doing where they scan the RPM database and have their own CVE patching. Right now it's built for docker only but I wonder if that might change.

wied03, Jan 21 '17 18:01

Sure, Red Hat (through yum plugins) and Debian/Ubuntu (through unattended-packages) already have tools. But what I'm looking for is a unified way to send security advisories to syslog. Syslog logs are then sent to a central Elasticsearch instance, in which alerts are generated for the security team.

stephane-martin, Jan 21 '17 18:01
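An added sketch of the unified advisory-to-syslog flow described in the comment above; it is not part of the thread and not centos-package-cron's own code. The function names and the `pkg-security-advisory` tag are hypothetical, and the sample lines are constructed on the assumption that they follow the shape of `yum updateinfo list security` and `apt-get -s upgrade` output.

```python
import json
import logging.handlers
import re

# Constructed sample lines (assumed output shapes, not captured from a real host).
YUM_SAMPLE = """\
RHSA-2017:0086 Important/Sec. kernel-3.10.0-514.6.1.el7.x86_64
RHBA-2017:0100 bugfix         tzdata-2016j-1.el7.noarch
RHSA-2017:0062 Moderate/Sec.  bind-libs-9.9.4-38.el7_3.1.x86_64
"""
APT_SAMPLE = """\
Inst libssl1.0.0 [1.0.2g-1ubuntu4.5] (1.0.2g-1ubuntu4.6 Ubuntu:16.04/xenial-security [amd64])
Inst vim [2:7.4.1689-3ubuntu1.1] (2:7.4.1689-3ubuntu1.2 Ubuntu:16.04/xenial-updates [amd64])
Conf libssl1.0.0 (1.0.2g-1ubuntu4.6 Ubuntu:16.04/xenial-security [amd64])
"""
YUM_RE = re.compile(r"^(?P<advisory>\S+)\s+(?P<severity>\w+)/Sec\.\s+(?P<package>\S+)$")
APT_RE = re.compile(r"^Inst (?P<package>\S+) (?:\[(?P<installed>[^\]]+)\] )?"
                    r"\((?P<candidate>\S+) (?P<origin>[^\[\)]*)")

def parse_yum(text):
    """Yield one event per security row; bugfix/enhancement rows are skipped."""
    for line in text.splitlines():
        m = YUM_RE.match(line.strip())
        if m:
            yield {"source": "yum", "advisory": m["advisory"],
                   "severity": m["severity"].lower(), "package": m["package"]}

def parse_apt(text):
    """Yield pending upgrades whose origin is a *-security pocket."""
    for line in text.splitlines():
        m = APT_RE.match(line.strip())
        if m and "-security" in m["origin"].lower():
            yield {"source": "apt", "advisory": None, "severity": None,
                   "package": f'{m["package"]}-{m["candidate"]}'}

def to_syslog_message(event, host):
    """One JSON document per advisory, so the central index can parse it."""
    return "pkg-security-advisory: " + json.dumps({"host": host, **event}, sort_keys=True)

def emit(events, host, address="/dev/log"):
    """Send each event to the local syslog socket (forwarding is configured there)."""
    logger = logging.getLogger("pkg-security-advisory")
    logger.addHandler(logging.handlers.SysLogHandler(address=address))
    for event in events:
        logger.warning(to_syslog_message(event, host))

if __name__ == "__main__":
    for ev in list(parse_yum(YUM_SAMPLE)) + list(parse_apt(APT_SAMPLE)):
        print(to_syslog_message(ev, "host01.example"))
```

Both parsers produce the same four fields, so a single alert rule on the central side can match on `source`, `severity` and `package` regardless of distribution.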

@stephane-martin - Is Docker part of your use case or do you still envision having a decent amount of non-Atomic CentOS machines to administer?

wied03, Feb 25 '17 17:02