Check only security updates


#1

Hi, I would like to check only missing security updates from Windows (2K8, 2K12, 2K16) and Linux servers (Ubuntu, Debian, Amazon, RHEL).
I checked the windows-patch-baseline and linux-patch-baseline, but these profiles get all patches (not only security).
Is there a way to get this information?
Other question:
Is it possible to integrate InSpec with Grafana?


#2

@mcm that is a great idea and we should add this to the dev-sec baseline. We could create a control that verifies that all security patches are installed. Would you like to open a PR?


#3

@chris-rock
Sure, how should I proceed?


#4

First, we need to identify all the CLI calls to get the list of the security updates, similar to what you see here: https://github.com/dev-sec/linux-patch-baseline/blob/master/libraries/linux_updates.rb#L188-L197. Once we have that, we can extend the InSpec resource to return a list of security packages. It's best to open tickets with your findings in https://github.com/dev-sec/linux-patch-baseline and https://github.com/dev-sec/windows-patch-baseline
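
As an added illustration of the approach described in #4 (not code from the thread or from the dev-sec profiles), here is one way to reduce the output of `apt-get -s upgrade` on Debian/Ubuntu to security updates only. It assumes that an update counts as a security update when one of its origins names a security suite; the helper names and the sample output are constructed for this example.

```ruby
# Added example: filter simulated apt upgrade output down to security updates.
# SAMPLE_OUTPUT is constructed for illustration (it mixes Ubuntu- and
# Debian-style origins on purpose); it was not captured from a real host.
SAMPLE_OUTPUT = <<~OUT
  Reading package lists...
  Building dependency tree...
  The following packages will be upgraded:
    libssl1.1 openssl tzdata vim-common
  Inst libssl1.1 [1.1.1-1ubuntu2.1~18.04.5] (1.1.1-1ubuntu2.1~18.04.6 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
  Inst openssl [1.1.0l-1~deb9u1] (1.1.0l-1~deb9u2 Debian-Security:9/oldstable [amd64])
  Inst tzdata [2020a-0ubuntu0.18.04] (2020d-0ubuntu0.18.04 Ubuntu:18.04/bionic-updates [all])
  Inst vim-common [2:8.0.1453-1ubuntu1.3] (2:8.0.1453-1ubuntu1.4 Ubuntu:18.04/bionic-updates [all])
  Conf libssl1.1 (1.1.1-1ubuntu2.1~18.04.6 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
OUT

# Inst <name> [<installed>] (<candidate> <origin>[, <origin>...] [<arch>])
# The installed version is absent when the package is newly installed.
INST_LINE = /\AInst (\S+) (?:\[([^\]]+)\] )?\((\S+) (.+?)(?: \[[^\]]+\])?\)/

# Hypothetical helper: turn every "Inst" line into a hash, skipping all
# other lines (headers, package summaries, "Conf" lines).
def parse_apt_simulation(output)
  output.each_line.map do |line|
    m = INST_LINE.match(line.strip)
    next unless m

    origins = m[4].split(', ')
    { name: m[1], installed: m[2], candidate: m[3], origins: origins,
      # Assumption: a security update has at least one origin whose
      # name contains "security" (e.g. bionic-security, Debian-Security).
      security: origins.any? { |o| o =~ /security/i } }
  end.compact
end

# Hypothetical helper: only the pending updates flagged as security.
def security_updates(output)
  parse_apt_simulation(output).select { |u| u[:security] }
end

security_updates(SAMPLE_OUTPUT).each do |u|
  puts "#{u[:name]}: #{u[:installed]} -> #{u[:candidate]}"
end
```

On a real host the string passed in would be the captured output of `apt-get -s upgrade`; RHEL, Amazon Linux and Windows need their own commands and parsers.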