Apt-proxy installation notes

No big secret that i’m a huge fan of ubuntu as a pentesting platform, and run it as my main OS. Recently I’ve had enough systems to justify tossing in an apt-proxy installation. Nothing groundbreaking, but may save a few mins for you. Here’re my notes.

SERVER CONFIGURATION:

Choose an (ubuntu) machine to install apt-proxy on:

$ sudo apt-get install apt-proxy

After the install, edit the /etc/apt-proxy/apt-proxy-v2.conf file to configure your listening address:

address = [internal listening address]

Restart the apt-proxy daemon:

$ sudo /etc/init.d/apt-proxy restart

That’s it for the server

CLIENT:

Setting a client up to use the proxy requires editing a few lines of your /etc/apt/sources.list. The Apt-proxy howto (https://help.ubuntu.com/community/AptProxy) gives a good example:

Replace mentions of specific repository URL (in /etc/apt/sources.list) with references to your server and the backend for it; such as:

deb http://archive.ubuntu.com/ubuntu karmic main restricted
deb http://security.ubuntu.com/ubuntu karmic-security main restricted universe

would become:

deb http://server:9999/ubuntu karmic main restricted
deb http://server:9999/ubuntu-security karmic-security main restricted universe

Pretty straightforward. Just make sure you append the “-security” piece onto the proxy URL for both security and updates. In the case of my /etc/apt/sources.list:

# standard packages
deb http://%5Binternal listening address]:9999/ubuntu karmic main restricted universe multiverse
deb-src http://%5Binternal listening address]:9999/ubuntu karmic main restricted universe multiverse

# update packages
deb http://%5Binternal listening address]:9999/ubuntu karmic-updates main restricted universe multiverse
deb-src http://%5Binternal listening address]:9999/ubuntu karmic-updates main restricted universe multiverse

# security packages
deb http://%5Binternal listening address]:9999/ubuntu-security karmic-security main restricted universe multiverse
deb-src http://%5Binternal listening address]:9999/ubuntu-security karmic-security main restricted universe multiverse

Run an apt-get update / apt-get upgrade and you’re golden. Rinse & repeat for all clients.

Cheers!

6 Comments

  1. hammackj says:

    Great post, never used apt-proxy before but it seems to be a interesting tool. I have used apt-mirror before but I didn’t like the idea of mirroring every version of Ubuntu locally. We have about 20 Ubuntu boxes on my team that I think I will get transitioned over to this.

  2. jcran says:

    glad it helped!

  3. jcran says:

    @hammackj – if you’re really crazy, check out apt-torrent :p

  4. hammackj says:

    That is awesome. I think the network guys would freak out of every apt-get was a torrent pull =) Great idea though.

  5. Joe McDonagh says:

    apt-proxy has scaling problems, and likely won’t work for 20 simultaneous machines. We switched to approx because it’s a lot more stable. It also has a really simple configuration.

    1. jcran says:

      cool, thanks! a quick google search turns up a comparison (http://lists.netisland.net/archives/plug/plug-2008-05/msg00038.html) that makes it sound like this is a good move regardless. i’ve been looking for something that makes it easy to report.

Leave a Comment

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s