I've got a bunch of clients' virtual machines run by various providers who use Xen paravirtualisation. Almost all of these are Debian or Debian-based systems.
I rely on APT pretty heavily to track what security updates need doing, but with a paravirtualised system, the kernel that's actually running is typically not the one that APT installs, even after a reboot. Actually updating the kernel generally involves messing about with a control panel or API. Unfortunately the providers tend not to do very well at informing me when I'm using an old kernel.
Is there a tool that I can use within a VPS to monitor what kernel version is actually running (e.g. uname -a), and some online source of security info, and let me know when there's a security issue I need to address?
I'm not sure quite how this should work, given that a huge proportion of the kernel security issues tend to be in drivers, many of which would not be applicable, but maybe someone has done the thinking here to come up with a good strategy?
0 Answers
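The mismatch described in the question, where the running kernel is not the one APT installed, can be detected from inside the guest. This is an added example, not part of the original question: it compares the uname -r release with the newest installed linux-image-* package. The function names and the sample package list are constructed for illustration.

```shell
#!/bin/sh
# Added example: flag a guest whose running kernel is older than the
# newest kernel image APT has installed. Names and data are illustrative.

# Reads "<status> <package>" lines (the format produced by
#   dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-*')
# and prints the highest release among fully installed kernel images.
newest_installed() {
    awk '$1 == "ii" && $2 ~ /^linux-image-[0-9]/ && $2 !~ /-(dbg|unsigned)$/ {
             sub(/^linux-image-/, "", $2); print $2
         }' | sort -V | tail -n 1
}

# Prints current, stale, ahead or unknown for a running release ($1)
# compared with the newest installed release ($2).
kernel_status() {
    running=$1
    newest=$2
    if [ -z "$newest" ]; then
        echo unknown            # no installed kernel image found
    elif [ "$running" = "$newest" ]; then
        echo current
    elif [ "$(printf '%s\n%s\n' "$running" "$newest" | sort -V | tail -n 1)" = "$newest" ]; then
        echo stale              # provider is still booting an older kernel
    else
        echo ahead              # provider kernel is newer than the package
    fi
}

# Constructed sample: the guest runs 4.19 while APT has installed 5.10.
SAMPLE_RUNNING='4.19.0-6-amd64'
SAMPLE_DPKG='ii  linux-image-5.10.0-21-amd64
ii  linux-image-5.10.0-28-amd64
rc  linux-image-4.19.0-6-amd64
ii  linux-image-amd64'

if [ "${1:-}" = "--live" ]; then
    # On a real Debian guest: query dpkg and the running kernel.
    newest=$(dpkg-query -W -f='${db:Status-Abbrev} ${Package}\n' 'linux-image-*' 2>/dev/null | newest_installed)
    echo "running=$(uname -r) newest=$newest status=$(kernel_status "$(uname -r)" "$newest")"
else
    newest=$(printf '%s\n' "$SAMPLE_DPKG" | newest_installed)
    echo "running=$SAMPLE_RUNNING newest=$newest status=$(kernel_status "$SAMPLE_RUNNING" "$newest")"
fi
```

The comparison uses release strings only, so a security rebuild that keeps the same uname -r value is not detected, and a provider-built kernel with its own version scheme will not compare meaningfully.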