Keeping on top of Ubuntu and Debian security advisories: host agents and wild goose chasing

Presented at BSides Wellington 2017

by Michael Fincham, Filip Vujičić

Summary: When ensuring a large number of heterogeneous Ubuntu and Debian machines are "up to date", there are questions that need to be asked.
What's even installed on all these machines? What constitutes "up to date"? Where does that information come from? Why the heck isn't it in a machine-readable format already?
What started as an experimental attempt at solving the problem has become a useful, evolving free software web application for collating Linux distro security advisories and integrating with host instrumentation tools such as osquery and hostinfo.
I will talk about the history of the project, the challenges faced in obtaining the data we use and developing the applications, what we're working on at the moment to improve its performance, and show some live demos using osquery to detect problems and observe their remediation in real time.