Do you ever wonder how to keep up with the new security updates releasing daily? Debsecan is a great tool that you can use to simplify this task. This utility will help you to evaluate your current security status without searching for the new security updates manually. And also it comes with the feature to report the missing security updates. Most importantly, it will let you know if there’s any known vulnerabilities exists in the already installed programs.

Step 01 – Installation

#sudo apt install debsecan

Step 02 – List identified vulnerabilities with debsecan

In the following examples, we assume that the host under examination runs Debian sid. Therefore, the –suite sid option is specified in all cases. Since version 0.3, the –suite is no longer mandatory, but additional information is available if you specify the correct suite.

The first command gives a brief overview of all known vulnerabilities which potentially affect the system:

#debsecan --suite sid

On ubuntu,

#debsecan --source https://raw.githubusercontent.com/BBVA/ust2dsa/data/

This Improves Ubuntu security feed compatibility allowing it to be consumed by debsecan.

Step 03 – get detailed output with debsecan

We can get more details if we choose a different output format:

#debsecan --suite-sid --format-details

Step 04 – List only missing security updates

Using –only-fixed, the output can be restricted to missing security updates:

#debsecan --suite sid --only-fixed

Step 05 – Install the identified security updates with apt-get

The packages output format is suitable for input to apt-get:

#debsecan --suite sid --only-fixed --format packages

Install these updates in your system using the following command:

#sudo apt install $(debsecan --suite bullseye --only-fixed --format packages)

In conclution, Debsecan is a great tool if you need to install the security updates as quickly as possible when they are released. But always keep one thing in your mind; Do not install the updates in your production servers before testing it in a test server. That way you can guarantee that the programs will work as expected even after the update.

The following two tabs change content below.
Ruwantha Nissanka is a Professional Cyber Security Engineer from Sri lanka with having a demonstrated history of providing cyber security services for multiple organizations in Sri Lanka. He is a positive person who wants to believe the best in others and he likes to help, encourage people and make them feel good.