assemblyline / apt-check.sh Goto Github PK

The security list is not necessarily configured in /etc/apt/sources.list. It can (and probably should) also be in a file under /etc/apt/sources.list.d/

in the security_upgrades function, Dir::Etc::Sourcelist should be Dir::Etc::SourceList

You use a predictable filename for $SECURITY_LIST which is expected not to already exist, but there is no checking for that.

Any user can generate a symlink at /tmp/apt-check.sh-fs6s6dfsf-security.list, with the result that the linked file will first be overwritten, and then deleted using root permissions.

I suggest you use something like:

SECURITY_LIST=`tempfile --suffix=-apt-check.sh-security.list`

On Ubuntu 14.04 (at least) the format of the output from apt-get upgrade does not match the expected format, with the result that the parsing for the list of upgrades that are outstanding fails.

mc0e@mc0e-laptop ~ $ sudo apt-get upgrade -oDir::Etc::Sourcelist=$SECURITY_LIST -s
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages will be upgraded:
  adobe-flash-properties-gtk adobe-flashplugin ansible bind9-host
  distro-info-data dnsutils firefox firefox-locale-en libbind9-90 libdns100
  libfreetype6 libfreetype6:i386 libisc95 libisccc90 libisccfg90 liblwres90
  virtualbox-5.1
17 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
[... etc ...]

count_upgrades fails because it simply greps for upgraded,, whereas in the output above, we see that there is a : instead of a ',', and the package list is on the following line.