Ubuntu Patches and misc checks

1) Do ubuntu release security updates for their OS, if so often are they released, perhaps on a monthly scale. Are there any tools to identify missing linux security patches?

2) How can you run a list of server apps running on the server with their software version

3) How can you run a list of all local user accounts on the server and audit their password strength/policy? Is there anywhere to see a "password last changed" type feature?
LVL 3
pma111Asked:
Who is Participating?
I wear a lot of hats...

"The solutions and answers provided on Experts Exchange have been extremely helpful to me over the last few years. I wear a lot of hats - Developer, Database Administrator, Help Desk, etc., so I know a lot of things but not a lot about one thing. Experts Exchange gives me answers from people who do know a lot about one thing, in a easy to use platform." -Todd S.

arnoldCommented:
apt-get or aptitude if you are running a GUI, there is a system tool for software updates that will list the data and let you decide whether you want to install.
Ubuntu releases updates, it does not maintain versions and.

Usually there should be one question per post as multiple unrelated question lead to long running correspondence.
http://www.cyberciti.biz/faq/debian-ubuntu-linux-list-available-package-update/
http://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html
Ubuntu is a Using similar features to Debian.


dpkg --get-selections
0

Experts Exchange Solution brought to you by

Your issues matter to us.

Facing a tech roadblock? Get the help and guidance you need from experienced professionals who care. Ask your question anytime, anywhere, with no hassle.

Start your 7-day free trial
Kerem ERSOYPresidentCommented:
Hi,

1) Ubuntu releases security and bugfix patches regularly. They are released as soon as they prepare a package. Sometimes they issue patches for several programs and sometimes there are 2-3 days with no patches. So there's not a specific time on how often they do. But they so it regularly and the package manager continuously monitor for new patches and notifies you when threes a new patch to retrieve.  The package manager checks updates and lists the missing patches to you immediately.

2) The command to get a list of all installed software you can use this command:

# sudo dpkg --get-selections

Open in new window


3) Ubuntu employs a tool called pam_cracklib and audits the strength of passwords and does not allow very weak passwords. The complexity requirements also can be set using the config files. But as with windows once a password  was accepted it is encrypted with a one-way algorithm and only way to audit the strength of a password after input is try to crack it. There are tools such as john the ripper. Which can run a rule-based bruteforce and dictionary attack on  a given account.  if you cat /etc/shadow you will get  list of all current users and the active accounts are the ones that the following field (":" is the separator between fields)is not an asterisk or a double exclamation marks. They are service / disabled accounts. So you can feed the accounts to jack the ripper nd it can try to crack passwords.
sudo chage -l username

Open in new window

Will display additional info including last password change date for a given user.

Cheers,
K.
0
pma111Author Commented:
>>The package manager

Could you provide a screenshot of the package manager so I can visualise how this appears in terms of here are the out of date software?
0
It's more than this solution.Get answers and train to solve all your tech problems - anytime, anywhere.Try it for free Edge Out The Competitionfor your dream job with proven skills and certifications.Get started today Stand Outas the employee with proven skills.Start learning today for free Move Your Career Forwardwith certification training in the latest technologies.Start your trial today
Linux Distributions

From novice to tech pro — start learning today.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.