https://github.com/terminalctrlcode/soc-update-automation
Secure Bash automation tool for SOC and sysadmin updates on Ubuntu and Pop!_OS. Enforces hardening, logging, and compliance.
automation bash blue-team compliance devops hardening linux logging pop-os security-tools shell-script soc-automation sysadmin ubuntu updater
Last synced: about 1 month ago
- Host: GitHub
- URL: https://github.com/terminalctrlcode/soc-update-automation
- Owner: terminalctrlcode
- License: mit
- Created: 2025-05-21T02:16:25.000Z (about 1 year ago)
- Default Branch: main
- Last Pushed: 2025-05-31T13:14:42.000Z (about 1 year ago)
- Last Synced: 2026-03-04T17:36:10.520Z (4 months ago)
- Topics: automation, bash, blue-team, compliance, devops, hardening, linux, logging, pop-os, security-tools, shell-script, soc-automation, sysadmin, ubuntu, updater
- Language: Shell
- Homepage: https://github.com/jokics-infosec/soc-update-automation
- Size: 7.81 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
- Contributing: CONTRIBUTING.md
- License: LICENSE
README
# secure-updater
A secure, production-ready Bash automation tool for safely updating Ubuntu and Pop!_OS systems. Designed for SOC analysts and IT-secured Linux workstations, it enforces strict security and logging standards.
## Features
- Distro validation (Ubuntu/Pop!_OS only)
- Secure, error-checked update flow
- Detailed logging to `/var/log/updates/`
- Modular, maintainable, and ShellCheck-clean
- Follows OWASP, NIST, and CERT Bash best practices
## Supported Operating Systems
- Ubuntu (all LTS and current releases)
- Pop!_OS (all supported releases)
## Setup
1. Clone this repository:
```bash
git clone https://github.com/YOUR_ORG/secure-updater.git
cd secure-updater
```
2. Review and copy the example environment file:
```bash
cp .env.example .env
# Edit .env as needed
```
3. Make the script executable:
```bash
chmod +x scripts/secure_update.sh
```
## Usage
Run the script as root (with sudo):
```bash
sudo bash scripts/secure_update.sh
```
- Logs are stored in `/var/log/updates/secure_update_.log`.
- Only Ubuntu and Pop!_OS are supported. The script will exit on other distros.
- **Log files are root-readable only (default permissions: 750).**
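One way the distro check and the restricted log location described above could be written, as an added example that is not the project's `secure_update.sh`. The function names `is_supported_distro` and `open_log` are hypothetical, and treating 750 as the directory mode while giving each log file mode 600 is this example's assumption.

```bash
#!/usr/bin/env bash
# Added example; not code from the soc-update-automation repository.

# is_supported_distro [FILE]
# Succeeds only when FILE (os-release format, default /etc/os-release)
# declares ID=ubuntu or ID=pop. Returns 1 for any other distro and 2 when
# the file cannot be read.
is_supported_distro() {
    local os_release="${1:-/etc/os-release}" id
    [ -r "$os_release" ] || return 2
    # Parse the ID= line instead of sourcing the file, so nothing in it is
    # ever executed as shell code. ID_LIKE= is deliberately ignored:
    # derivatives that merely resemble Ubuntu are rejected.
    id=$(sed -n 's/^ID=//p' "$os_release" | head -n 1 | tr -d "\"'")
    case "$id" in
        ubuntu|pop) return 0 ;;
        *) return 1 ;;
    esac
}

# open_log DIR
# Creates DIR with mode 750 and an empty timestamped log file with mode 600
# inside it, then prints the log path. Fails rather than reusing a path that
# already exists.
open_log() {
    local dir="$1" log
    ( umask 027; mkdir -p "$dir" ) || return 1
    chmod 750 "$dir" || return 1
    log="$dir/secure_update_$(date +%Y%m%d_%H%M%S).log"
    # umask 077 gives the new file mode 600; set -C (noclobber) makes the
    # redirection fail if the path already exists.
    ( umask 077; set -C; : > "$log" ) || return 1
    printf '%s\n' "$log"
}

# Typical use at the top of an update script (run as root):
#   is_supported_distro || { echo "[ERROR] unsupported distro" >&2; exit 1; }
#   LOG_FILE=$(open_log /var/log/updates) || exit 1
```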
## Example Output
```
[INFO] Starting secure update at 20240601_120000 for Ubuntu
[INFO] apt update completed successfully.
[INFO] Listed upgradable packages.
[INFO] apt upgrade completed successfully.
[INFO] apt autoremove completed successfully.
[INFO] apt clean completed successfully.
[INFO] Secure update completed at 2024-06-01 12:00:30
```