Needless repetition .. - Githubissues

dolegi / lockdown.sh

Lockdown your linux install. The simple zero config linux hardening script

GNU General Public License v3.0

362 stars 27 forks source link

Closed skx closed 4 years ago

skx commented 4 years ago

If you're expecting unattended-upgrades to provide (security) upgrades, automatically then this section of code is pointless:

# Add Daily Update Cron Job
touch job
echo "@daily apt update; apt dist-upgrade -y" >> job
crontab job
rm job

Note: The more idiomatic approach would be writing to /etc/cron.daily/apt-upgrade, or similar. Not using cron.

However I note that you never actually install unattended-upgrades, only attempt to reconfigure it. That's probably a mistake.

MartinVerges commented 4 years ago

please use systemd timers, a newer approach with some nice benefits

ghost commented 4 years ago

Cool, thanks for opening an issue!