debsecan – Get an Emailed Report of Pending Debian Security Updates

By | 2015/04/01

debsecan is a Debian-only tool that checks whether your server has pending security updates and notifies you about them. Check it out!


1. First, install debsecan:

$ sudo apt-get install debsecan

2. Next, configure debsecan for the specific Debian version:

$ sudo dpkg-reconfigure debsecan

Done! debsecan will email out a daily status report to root via a cron job (/etc/cron.d/debsecan).

Below is an example email:

[Screenshot: example debsecan report email]


debsecan can also be invoked manually for a quick check. This is useful with Ansible for assessing which outstanding updates still need to be applied.

This checks for pending updates. Looks like I have a few ldap package updates:

$ debsecan --suite wheezy --only-fixed
CVE-2013-4449 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)
CVE-2014-9713 libldap-2.4-2 (fixed)
CVE-2015-1545 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)
CVE-2013-4449 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)
CVE-2014-9713 libldap-2.4-2 (fixed)
CVE-2015-1545 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)

You can also send a report via email:

$ sudo debsecan --suite wheezy --format report --mailto root --only-fixed --update-history
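
For the Ansible or cron use mentioned above, the manual output can be reduced to a per-package summary and a pass/fail result. This is an added example, not part of the original post: the function names debsecan_summary, debsecan_gate and sample_output are made up for illustration, and the sample input is the output shown above.

```shell
#!/bin/sh
# Added example: summarise `debsecan --only-fixed` output.
# Line format, as shown on this page: ID PACKAGE (flag, flag, ...)

# Read debsecan output on stdin; print one line per package:
#   PACKAGE unique_cves=N remote=M
debsecan_summary() {
    awk '
        # Skip lines whose first field is not an ID such as CVE-2015-1545.
        NF < 2 || $1 !~ /^[A-Z]+-[0-9]/ { next }
        {
            key = $1 SUBSEP $2
            if (key in seen) next          # drop repeated ID/package pairs
            seen[key] = 1
            total[$2]++
            if (index($0, "remotely exploitable")) remote[$2]++
        }
        END {
            for (p in total)
                printf "%s unique_cves=%d remote=%d\n", p, total[p], remote[p]
        }
    ' | sort
}

# Read debsecan output on stdin; return 1 if any finding is flagged
# "remotely exploitable", 0 otherwise (usable as a cron or Ansible check).
debsecan_gate() {
    if grep -q 'remotely exploitable'; then return 1; fi
    return 0
}

# Constructed sample input: the output lines shown on this page.
sample_output() {
    cat <<'EOF'
CVE-2013-4449 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)
CVE-2014-9713 libldap-2.4-2 (fixed)
CVE-2015-1545 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)
CVE-2013-4449 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)
CVE-2014-9713 libldap-2.4-2 (fixed)
CVE-2015-1545 libldap-2.4-2 (fixed, remotely exploitable, medium urgency)
EOF
}

# Live use on a Debian host (suite name as on this page):
#   debsecan --suite wheezy --only-fixed | debsecan_summary
sample_output | debsecan_summary
```

Because --only-fixed lists only issues that already have a fixed package available, a non-zero result from debsecan_gate means a remotely exploitable issue can be closed by upgrading.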
