forked from DE-IBH/apt-dater
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathREADME.autoref
25 lines (18 loc) · 916 Bytes
/
README.autoref
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
Auto Refresh
============
Since version 0.6.5, apt-dater has a 'auto refresh' feature. This
gives two advantages:
* If one host is refreshed and got some updates, one should refresh
other hosts which are running the same distribution and have the
same (or atleast some) packages installed, too.
* There are some fundamental problems on replay attacks on todays
package managers[1]. If one has several hosts (using different
repository mirrors and different uplinks etc.), there is a chance
that some of your hosts got recent package lists. apt-dater collects
update informations over SSH on trusted hosts. If apt-dater compares
those information it could detect such replay attacks.
Links
=====
[1] Attacks on Package Managers
(Justin Cappos, Justin Samuel, Scott Baker, John H. Hartman)
https://www2.cs.arizona.edu/stork/packagemanagersecurity/attacks-on-package-managers.html