Agreed about unattended updates, they should be enabled, especially when the end user has no linux clue, but beware of package updates which make some config settings obsolete and will bail out if they find some old no longer used config statement . An installation manual describing how to install the packages and change configuration files should not fail in future versions unless the distro maintainers suddenly decide to replace systemd or make drastic changes. Package names will stay the same, config locations also stay the same. At least for OpenVPN, Bind/PowerDNS, Bird/Quagga, .. (unless you compile everything from source, but even then you can include the path to where it should store its config files)
73
Ruben ON3RVH
-----Original Message----- From: 44Net 44net-bounces+on3rvh=on3rvh.be@mailman.ampr.org On Behalf Of Rob PE1CHL via 44Net Sent: Tuesday, May 18, 2021 11:54 To: 44net@mailman.ampr.org Cc: Rob PE1CHL 44net@pe1chl.nl Subject: Re: [44net] bgp router setup
When you want to distribute a ready configured Debian image for those that cannot get something configured by walking through an installation manual, at least make sure it has the unattended-upgrades package installed AND CONFIGURED. It requires a couple more steps after installation, see the Debian wiki.
With this, it will at least remain uptodate within the current Debian version. It installes the security updates, will auto reboot when configured to do that, etc. It will not upgrade to the next version, but an installation manual targeted to a specific Debian install (and for a topic like this) will likely also fail in the next version so has to be updated anyway.
Rob
On 5/18/21 7:38 AM, Ruben ON3RVH via 44Net wrote:
I would not build a Debian image. It will never be updated and will lead to security issues. A good walkthrough with all the commands and some scripts or demo config files is a far better option and a good firewall setting walk-through is also a big plus.
_________________________________________ 44Net mailing list 44Net@mailman.ampr.org https://mailman.ampr.org/mailman/listinfo/44net