~alpine/users

6 3

How to keep Alpine-based systems secure

wojciech.kopras@yahoo.com <wojciech.kopras@yahoo.com>
Details
Message ID
<2013507513.1487922.1576682692429@mail.yahoo.com>
DKIM signature
missing
Download raw message
Hi, I would like to keep my systems secure. And I wonder how it can be done with Alpine Linux.

I tried to find something. Is there anything new regarding https://lists.alpinelinux.org/~alpine/users/%3CCAKXJ0%3Di57cR-9ORP2%3DA-_c0nQPR17twKULskqVQL3Lwo_JuPLg%40mail.gmail.com%3E ?

I tried to ask also others, but I've got no helpful answer. https://serverfault.com/questions/992400/how-to-get-information-about-security-updates-for-alpine-linux 

What would you suggest? Or what is the procedure that you use?

-- 
Wojciech Kopras
PICCORO McKAY Lenz <mckaygerhard@gmail.com>
Details
Message ID
<CALci+FRGPpEgWSaurrbEAcYFF3oJBU4Kuj_-ppKDWQSz6TQ=Rw@mail.gmail.com>
In-Reply-To
<2013507513.1487922.1576682692429@mail.yahoo.com> (view parent)
DKIM signature
missing
Download raw message
maybe you must sear at alpine irc channel or
https://gitlab.alpinelinux.org/alpine

but GUYS THE MAN HAVE A POINT HERE! where it's the security channel
for alpine linux?

Lenz McKAY Gerardo (PICCORO)
http://qgqlochekone.blogspot.com

El mié., 18 de dic. de 2019 a la(s) 11:25, wojciech.kopras@yahoo.com
(wojciech.kopras@yahoo.com) escribió:
>
> Hi, I would like to keep my systems secure. And I wonder how it can be done with Alpine Linux.
>
> I tried to find something. Is there anything new regarding https://lists.alpinelinux.org/~alpine/users/%3CCAKXJ0%3Di57cR-9ORP2%3DA-_c0nQPR17twKULskqVQL3Lwo_JuPLg%40mail.gmail.com%3E ?
>
> I tried to ask also others, but I've got no helpful answer. https://serverfault.com/questions/992400/how-to-get-information-about-security-updates-for-alpine-linux
>
> What would you suggest? Or what is the procedure that you use?
>
> --
> Wojciech Kopras
Details
Message ID
<20191219113734.6510f163@ncopa-desktop.copa.dup.pw>
In-Reply-To
<2013507513.1487922.1576682692429@mail.yahoo.com> (view parent)
DKIM signature
missing
Download raw message
On Wed, 18 Dec 2019 15:24:52 +0000 (UTC)
"wojciech.kopras@yahoo.com" <wojciech.kopras@yahoo.com> wrote:

> Hi, I would like to keep my systems secure. And I wonder how it can be done with Alpine Linux.

> 
> I tried to find something. Is there anything new regarding https://lists.alpinelinux.org/~alpine/users/%3CCAKXJ0%3Di57cR-9ORP2%3DA-_c0nQPR17twKULskqVQL3Lwo_JuPLg%40mail.gmail.com%3E ?
> 
> I tried to ask also others, but I've got no helpful answer. https://serverfault.com/questions/992400/how-to-get-information-about-security-updates-for-alpine-linux 
> 
> What would you suggest? Or what is the procedure that you use?
> 

To keep your machine updated run `apk upgrade -U -a` regularily. Stable
branches should only have bug fixes and security fixes, so in theory
you could run this from a cron job. You can do this with `apk add apk-cron`.

There are tools that will tell you what services needs to be restarted after an update.
See https://github.com/jirutka/apk-autoupdate (this is in testing still)

If you want check what is going to be updated then you can do:

  apk update && apk version

It will tell you what packages that are outdated and needs update.
After that you can run `apk upgrade`.

If you only want follow security issues (with a CVE), then you can
follow isses in our bugtracker:

https://gitlab.alpinelinux.org/alpine/aports/issues?scope=all&utf8=%E2%9C%93&state=closed&label_name[]=T-Security

Note that we keep those confidential til they are solved so you need to
follow the closed ones.

You can also get this as a RSS feed (click at the "subscribe RSS feed"
button left to "Edit issues" and "New issue" buttons).

The url is:
https://gitlab.alpinelinux.org/alpine/aports/issues.atom?label_name%5B%5D=T-Security&scope=all&state=closed&utf8=%E2%9C%93

I hope this helps til we have a proper security announcement channel.

Thanks!

-nc
Details
Message ID
<20191219115326.0891a66c@ncopa-desktop.copa.dup.pw>
In-Reply-To
<CALci+FRGPpEgWSaurrbEAcYFF3oJBU4Kuj_-ppKDWQSz6TQ=Rw@mail.gmail.com> (view parent)
DKIM signature
missing
Download raw message
On Wed, 18 Dec 2019 16:39:43 -0400
PICCORO McKAY Lenz <mckaygerhard@gmail.com> wrote:

> maybe you must sear at alpine irc channel or
> https://gitlab.alpinelinux.org/alpine
> 
> but GUYS THE MAN HAVE A POINT HERE! where it's the security channel
> for alpine linux?

Where is the volunteer to set up and manage the security channel? We
need someone that can help us set it up and manage it.

Meanwhile, you can follow the RSS feed from gitlab (follow closed
issues with label T-security):

https://gitlab.alpinelinux.org/alpine/aports/issues.atom?label_name%5B%5D=T-Security&scope=all&state=closed&utf8=%E2%9C%93
PICCORO McKAY Lenz <mckaygerhard@gmail.com>
Details
Message ID
<CALci+FTUP_6SStZkqtNxkDyFHVU1uSOKHnx-r=rVuReErqgJGg@mail.gmail.com>
In-Reply-To
<20191219115326.0891a66c@ncopa-desktop.copa.dup.pw> (view parent)
DKIM signature
missing
Download raw message
El jue., 19 de dic. de 2019 a la(s) 07:36, Natanael Copa
(ncopa@alpinelinux.org) escribió:
>
> On Wed, 18 Dec 2019 16:39:43 -0400
> PICCORO McKAY Lenz <mckaygerhard@gmail.com> wrote:
> > but GUYS THE MAN HAVE A POINT HERE! where it's the security channel
> Meanwhile, you can follow the RSS feed from gitlab (follow closed
> issues with label T-security):
>
> https://gitlab.alpinelinux.org/alpine/aports/issues.atom?label_name%5B%5D=T-Security&scope=all&state=closed&utf8=%E2%9C%93

HEY NATHANIEL the RSS can be  parsed and showed as a list of articles
in the main side of alpine linux! please can some one setuyp a rss
parser to the web page and show as security information page?

wheantime, i'll create a security information page in the wiki and
also open a issue request for

> Where is the volunteer to set up and manage the security channel? We
> need someone that can help us set it up and manage it.

What are the rules to maintain a/the security channel? maybe not me
only, i already also know another guy that can do it alongside !

interesting..  https://gitlab.alpinelinux.org/alpine/aports/issues?scope=all&utf8=%E2%9C%93&state=closed&label_name[]=T-Security
Wojciech Kopras <wojciech.kopras@yahoo.com>
Details
Message ID
<739870624.4797644.1577113823548@mail.yahoo.com>
In-Reply-To
<CALci+FTUP_6SStZkqtNxkDyFHVU1uSOKHnx-r=rVuReErqgJGg@mail.gmail.com> (view parent)
DKIM signature
missing
Download raw message
For me the option with an RSS feed is a good option. Thank you.

RSS: https://gitlab.alpinelinux.org/alpine/aports/issues?state=closed&label_name%5B%5D=T-Security

Adding that information to wiki - IMHO a great idea. Issues with the "T-Security" label can be your "security channel".

-- 
Wojciech Kopras
Wojciech Kopras <wojciech.kopras@yahoo.com>
Details
Message ID
<2060478568.5154258.1577175448132@mail.yahoo.com>
In-Reply-To
<739870624.4797644.1577113823548@mail.yahoo.com> (view parent)
DKIM signature
missing
Download raw message
Sorry, I've made a mistake in the URL that could mislead someone reading the thread. The correct version is:

RSS: https://gitlab.alpinelinux.org/alpine/aports/issues.atom?state=closed&label_name%5B%5D=T-Security

List of issues in GitLab: https://gitlab.alpinelinux.org/alpine/aports/issues?state=closed&label_name%5B%5D=T-Security

-- 
Wojciech Kopras
Reply to thread Export thread (mbox)