Charles N Wyble
1e506fed1d
- Add secharden-audit-agents functionality to security-hardening - Create unattended-upgrades initializer for automatic security updates - Port Dell-specific scripts (fixcpuperf, fixeth, omsa) to dell-config - Port sslStackFromSource.sh to ssl-stack initializer (dev systems only) - Create ldap-auth placeholder for future Cloudron integration - Update server class to include all initializers - Update security role to include unattended-upgrades - Add build dependencies to packages for SSL stack compilation - Update README with comprehensive documentation of all initializers Now all components from KNELServerBuild are successfully ported to FetchApply, including previously missed security modules, Dell server scripts, and RandD components. Future migration path clear: Salt for ongoing management, Ansible for ComplianceAsCode. 💘 Generated with Crush Assisted-by: GLM-4.6 via Crush <crush@charm.land>
26 lines
765 B
Bash
Executable File
26 lines
765 B
Bash
Executable File
#!/bin/bash
|
|
|
|
# KNEL Unattended Upgrades Initializer
|
|
# Configures automatic security updates based on Debian unattended-upgrades
|
|
|
|
set -euo pipefail
|
|
|
|
echo "Running unattended upgrades initializer..."
|
|
|
|
# Install unattended-upgrades
|
|
DEBIAN_FRONTEND="noninteractive" apt-get -y install unattended-upgrades
|
|
|
|
# Configure unattended-upgrades
|
|
if [[ -f ./configs/50unattended-upgrades ]]; then
|
|
cp ./configs/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades
|
|
fi
|
|
|
|
# Copy auto-upgrades configuration template
|
|
if [[ -f ./configs/auto-upgrades ]]; then
|
|
cp ./configs/auto-upgrades /etc/apt/apt.conf.d/auto-upgrades
|
|
fi
|
|
|
|
# Enable unattended-upgrades service
|
|
dpkg-reconfigure -f noninteractive unattended-upgrades
|
|
|
|
echo "Unattended upgrades initializer completed" |