Still celebrating National IT Professionals Day with 3 months of free Premium Membership. Use Code ITDAY17

x
?
Solved

Ubuntu Patches and misc checks

Posted on 2012-04-04
4
Medium Priority
?
410 Views
Last Modified: 2012-04-24
1) Do ubuntu release security updates for their OS, if so often are they released, perhaps on a monthly scale. Are there any tools to identify missing linux security patches?

2) How can you run a list of server apps running on the server with their software version

3) How can you run a list of all local user accounts on the server and audit their password strength/policy? Is there anywhere to see a "password last changed" type feature?
0
Comment
Question by:pma111
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
4 Comments
 
LVL 79

Accepted Solution

by:
arnold earned 1000 total points
ID: 37809176
apt-get or aptitude if you are running a GUI, there is a system tool for software updates that will list the data and let you decide whether you want to install.
Ubuntu releases updates, it does not maintain versions and.

Usually there should be one question per post as multiple unrelated question lead to long running correspondence.
http://www.cyberciti.biz/faq/debian-ubuntu-linux-list-available-package-update/
http://www.cyberciti.biz/tips/linux-debian-package-management-cheat-sheet.html
Ubuntu is a Using similar features to Debian.


dpkg --get-selections
0
 
LVL 30

Assisted Solution

by:Kerem ERSOY
Kerem ERSOY earned 1000 total points
ID: 37809206
Hi,

1) Ubuntu releases security and bugfix patches regularly. They are released as soon as they prepare a package. Sometimes they issue patches for several programs and sometimes there are 2-3 days with no patches. So there's not a specific time on how often they do. But they so it regularly and the package manager continuously monitor for new patches and notifies you when threes a new patch to retrieve.  The package manager checks updates and lists the missing patches to you immediately.

2) The command to get a list of all installed software you can use this command:

# sudo dpkg --get-selections

Open in new window


3) Ubuntu employs a tool called pam_cracklib and audits the strength of passwords and does not allow very weak passwords. The complexity requirements also can be set using the config files. But as with windows once a password  was accepted it is encrypted with a one-way algorithm and only way to audit the strength of a password after input is try to crack it. There are tools such as john the ripper. Which can run a rule-based bruteforce and dictionary attack on  a given account.  if you cat /etc/shadow you will get  list of all current users and the active accounts are the ones that the following field (":" is the separator between fields)is not an asterisk or a double exclamation marks. They are service / disabled accounts. So you can feed the accounts to jack the ripper nd it can try to crack passwords.
sudo chage -l username

Open in new window

Will display additional info including last password change date for a given user.

Cheers,
K.
0
 
LVL 3

Author Comment

by:pma111
ID: 37826653
>>The package manager

Could you provide a screenshot of the package manager so I can visualise how this appears in terms of here are the out of date software?
0
 
LVL 79

Expert Comment

by:arnold
ID: 37827830
0

Featured Post

Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

It’s 2016. Password authentication should be dead — or at least close to dying. But, unfortunately, it has not traversed Quagga stage yet. Using password authentication is like laundering hotel guest linens with a washboard — it’s Passé.
I use more than 1 computer in my office for various reasons. Multiple keyboards and mice take up more than just extra space, they make working a little more complicated. Using one mouse and keyboard for all of my computers makes life easier. This co…
Learn how to get help with Linux/Unix bash shell commands. Use help to read help documents for built in bash shell commands.: Use man to interface with the online reference manuals for shell commands.: Use man to search man pages for unknown command…
Hi friends,  in this video  I'll show you how new windows 10 user can learn the using of windows 10. Thank you.

715 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question