No big secret that i’m a huge fan of ubuntu as a pentesting platform, and run it as my main OS. Recently I’ve had enough systems to justify tossing in an apt-proxy installation. Nothing groundbreaking, but may save a few mins for you. Here’re my notes.
Choose an (ubuntu) machine to install apt-proxy on:
$ sudo apt-get install apt-proxy
After the install, edit the /etc/apt-proxy/apt-proxy-v2.conf file to configure your listening address:
address = [internal listening address]
Restart the apt-proxy daemon:
$ sudo /etc/init.d/apt-proxy restart
That’s it for the server
Setting a client up to use the proxy requires editing a few lines of your /etc/apt/sources.list. The Apt-proxy howto (https://help.ubuntu.com/community/AptProxy) gives a good example:
Replace mentions of specific repository URL (in /etc/apt/sources.list) with references to your server and the backend for it; such as:
deb http://archive.ubuntu.com/ubuntu karmic main restricted
deb http://security.ubuntu.com/ubuntu karmic-security main restricted universe
deb http://server:9999/ubuntu karmic main restricted
deb http://server:9999/ubuntu-security karmic-security main restricted universe
Pretty straightforward. Just make sure you append the “-security” piece onto the proxy URL for both security and updates. In the case of my /etc/apt/sources.list:
# standard packages
deb http://%5Binternal listening address]:9999/ubuntu karmic main restricted universe multiverse
deb-src http://%5Binternal listening address]:9999/ubuntu karmic main restricted universe multiverse
# update packages
deb http://%5Binternal listening address]:9999/ubuntu karmic-updates main restricted universe multiverse
deb-src http://%5Binternal listening address]:9999/ubuntu karmic-updates main restricted universe multiverse
# security packages
deb http://%5Binternal listening address]:9999/ubuntu-security karmic-security main restricted universe multiverse
deb-src http://%5Binternal listening address]:9999/ubuntu-security karmic-security main restricted universe multiverse
Run an apt-get update / apt-get upgrade and you’re golden. Rinse & repeat for all clients.
Great post, never used apt-proxy before but it seems to be a interesting tool. I have used apt-mirror before but I didn’t like the idea of mirroring every version of Ubuntu locally. We have about 20 Ubuntu boxes on my team that I think I will get transitioned over to this.
glad it helped!
@hammackj – if you’re really crazy, check out apt-torrent :p
That is awesome. I think the network guys would freak out of every apt-get was a torrent pull =) Great idea though.
apt-proxy has scaling problems, and likely won’t work for 20 simultaneous machines. We switched to approx because it’s a lot more stable. It also has a really simple configuration.
cool, thanks! a quick google search turns up a comparison (http://lists.netisland.net/archives/plug/plug-2008-05/msg00038.html) that makes it sound like this is a good move regardless. i’ve been looking for something that makes it easy to report.