Tag: audit

Nanitor is the internal auditor for patching

Nanitor acts as the internal auditor on our patching. unattended-upgrades does the patching; Nanitor proves it ran, and disagrees when it did not. A real bind9 vulnerability appeared on a Debian host on Thursday evening, the timer closed it by Friday morning, and Nanitor recorded every step. This post covers the timeline, the ISO 27001 controls behind it, the customer pattern where the auditor disagrees with the patcher, and the escalation path when 24 hours is too slow.
