Scheduled Maintenance: We are aware of an issue with Google, AOL, and Yahoo services as email providers which are blocking new registrations. We are trying to fix the issue and we have several internal and external support tickets in process to resolve the issue. Please see: viewtopic.php?t=158230

 

 

 

cron job for installing security updates

Share your HowTo, Documentation, Tips and Tricks. Not for support questions!.
Post Reply
Message
Author
User avatar
crusti
Posts: 30
Joined: 2006-04-12 03:15

cron job for installing security updates

#1 Post by crusti »

Hi all,

This weekend I installed Debian 3.1 on my system, and I thought I'd share my method for getting regular security updates using cron for anyone who might be interested. I'll use fairly terse syntax. Because I'm a dialup user, I'm making use of the /usr/bin/pon and poff scripts that were provided during installation.

You might wonder why I use two scripts: I was unable to get a terminal to open from the cron command line, so I used one script to open a terminal for the other one, that way the user can be alerted about what's happening and can see what's going on.
I installed xterm for this.

Created:
/usr/bin/updsecx root root -rwx------
.............................
#!/bin/bash
# Apr 23 2006
# Debian 3.1
# Script for automatically dialing in and updating aptitude sources
# Also installs security updates
export DISPLAY=:0.0
/usr/X11R6/bin/xterm -e /usr/bin/updsec
exit 0
.............................

Created:
/usr/bin/updsec root root -rwx------
.............................
#!/bin/bash
# Script for automatically dialing in and updating aptitude sources,
# and installing security updates
# Apr 23 2006
# Debian 3.1
# This script is called from /usr/bin/updsecx
t=10
# Beep
echo -e "\007"
# Use pon to dialup
/usr/bin/pon
# Wait while the dialing takes place, otherwise the update will fail
for i in `seq 1 $t`
do
for j in `seq 1 200000`
do
echo "$i" >> /dev/null
done
echo "Pausing for dialup to complete...$i/$t"
done
# Performing only security updates
cp -f /etc/apt/sources.list.securityonly /etc/apt/sources.list
aptitude update
aptitude -y upgrade
cp -f /etc/apt/sources.list.full /etc/apt/sources.list
/usr/bin/poff
exit 0
.............................

Created:
/etc/apt/sources.list.securityonly root root -rw-r--r--
.............................
deb http://security.debian.org/ sarge/updates main contrib non-free
.............................

Created:
/etc/apt/sources.list.full root root -rw-r--r--
.............................
deb http://security.debian.org/ sarge/updates main contrib non-free
deb ftp://ftp.debian.org/debian/ sarge main contrib non-free
.............................

Edited sudoers:
# visudo
.............................
# This file MUST be edited with the 'visudo' command as root.
#
# See the man page for details on how to write a sudoers file.
#

# Host alias specification

# User alias specification

User_Alias DEBUSR = crusti

# Cmnd alias specification

Cmnd_Alias DIALUP = /usr/bin/pon, /usr/bin/poff
Cmnd_Alias UPD = /usr/bin/updsecx

Defaults:DEBUSR !lecture

# User privilege specification

root ALL=(ALL) ALL
DEBUSR ALL=(root) NOPASSWD: DIALUP
DEBUSR ALL=(root) NOPASSWD: UPD
.............................

Created a cron job for this:

$ crontab -e
.............................
# Format minutes-after-hour hr day mo dayofweek(1-7 Mon-Sun) command
# Install security updates every morning at 2am
0 2 * * * sudo /usr/bin/updsecx
.............................

This all assumes that the computer is turned on and the user is logged in.

Hope that helps someone with something.

crusti
OS: Debian Etch running XFCE 4.4
CPU: AMD Athlon 2500XP
MOB: Asus A7N8X-X
VID: GeForce4 MX440SE
AUD: Onboard
RAM: 1.5 GB
HDD: 80 GB Maxtor
HDD: 80 GB Maxtor
HDD: 160 GB Samsung
Top
Post Reply

Return to “Docs, HowTos, Tips & Tricks”