Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Security updates using unattended-upgrades #54

Open
oguya opened this issue Sep 2, 2016 · 2 comments
Open

Security updates using unattended-upgrades #54

oguya opened this issue Sep 2, 2016 · 2 comments
Labels
enhancement has-pr security

Comments

@oguya
Copy link
Contributor

oguya commented Sep 2, 2016

We've been using cron-apt to automatically apply security updates. unattended-upgrades also does the same thing, but better. I think we should give it a try.
What's your recommendation @alanorth ?
@oguya oguya mentioned this issue Sep 2, 2016
Open
@oguya
Copy link
Contributor Author

oguya commented Sep 2, 2016

I think we can also configure it to automatically reboot a host—common web servers—at a specific time if /var/run/reboot-required file is created by an upgrade.
https://github.com/ilri/rmg-ansible-public/blob/unattended-upgrades/roles/common/templates/apt.conf.d/50unattended-upgrades.j2#L48-L55

@alanorth
Copy link
Member

alanorth commented Sep 5, 2016

I dunno. I don't like the idea of servers automatically rebooting. We don't monitor them well enough to notice if one doesn't come back. I think applying userland security updates like openssl, nginx, bash, etc is a no brainer — but not kernels.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement has-pr security
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@alanorth @oguya