Example Configurations
jc0b edited this page May 24, 2024 · 10 revisions
Note
This is the default configuration for nudge-auto-updater if no configuration file is specified and no `configuration.yml` file is found in the working directory.
This configuration:
- Updates the "default" target to the latest version of macOS available
- Applies a default deadline of 14 days after the release date, unless:
  - at least 75% of the CVEs patched in this release are being actively exploited, in which case the update is deemed urgent and the deadline is 7 days after this release's release date.

```yaml
---
targets:
  - target: "default"
    update_to: "latest"
cve_urgency_levels:
  - cve_urgency_conditions:
      fraction_actively_exploited_CVEs: 0.75
    deadline_days: 7
    name: "urgent"
default_deadline_days: 14
```
This configuration:
- Updates the "default" target to the latest version of macOS available
- Applies a default deadline of 21 days after the release date, unless:
  - there are 20 or more CVEs patched in this release AND 90% or more of the CVEs patched in this release are being actively exploited, in which case the update is deemed critical and the deadline is set to 7 days after this release's release date
  - the average of `baseScore * exploitabilityScore * impactScore` for all CVEs patched in the release is greater than or equal to 125 OR there are at least two CVEs patched in the release that are actively exploited and have a base score greater than or equal to 7, in which case the update is deemed urgent and the deadline is 14 days after this release's release date

```yaml
---
targets:
  - target: "default"
    update_to: "latest"
cve_urgency_levels:
  - cve_urgency_conditions:
      number_CVEs: 20
      fraction_actively_exploited_CVEs: 0.9
    deadline_days: 7
    name: "critical"
    conjunction: true
  - cve_urgency_conditions:
      formulas:
        - comparison: "average"
          formula: "baseScore * exploitabilityScore * impactScore"
          threshold: 125
        - comparison: "n_above"
          formula: "baseScore * is_actively_exploited"
          n: 2
          threshold: 7
    deadline_days: 14
    name: "urgent"
default_deadline_days: 21
```
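
The urgency rules of the second configuration above, evaluated over a constructed list of CVEs. This is an added example, not nudge-auto-updater's own code. It assumes that levels are tried in listed order with the first match winning, that `conjunction` switches a level's conditions from OR to AND as the bullets describe, and that formulas are plain products of CVE fields; `cve`, `score`, `checks` and `deadline` are hypothetical names.

```python
from datetime import date, timedelta
from math import prod

# Urgency levels from the second configuration on this page.
CONFIG = {"default_deadline_days": 21, "cve_urgency_levels": [
    {"name": "critical", "deadline_days": 7, "conjunction": True,
     "cve_urgency_conditions": {"number_CVEs": 20,
                                "fraction_actively_exploited_CVEs": 0.9}},
    {"name": "urgent", "deadline_days": 14,
     "cve_urgency_conditions": {"formulas": [
         {"comparison": "average", "threshold": 125,
          "formula": "baseScore * exploitabilityScore * impactScore"},
         {"comparison": "n_above", "n": 2, "threshold": 7,
          "formula": "baseScore * is_actively_exploited"}]}}]}

def cve(base, exploitability, impact, exploited):
    return {"baseScore": base, "exploitabilityScore": exploitability,
            "impactScore": impact, "is_actively_exploited": exploited}

# Constructed sample release: three CVEs, two of them actively exploited.
SAMPLE = [cve(8.8, 2.8, 5.9, True), cve(7.5, 3.9, 3.6, True),
          cve(5.5, 1.8, 3.6, False)]

def score(formula, item):
    # Assumption: a formula is a product of named CVE fields, nothing else.
    return prod(float(item[name.strip()]) for name in formula.split("*"))

def checks(conds, cves):
    """Yield one boolean per condition configured for an urgency level."""
    exploited = sum(1 for c in cves if c["is_actively_exploited"])
    if "number_CVEs" in conds:
        yield len(cves) >= conds["number_CVEs"]
    if "fraction_actively_exploited_CVEs" in conds:
        yield bool(cves) and exploited / len(cves) >= conds["fraction_actively_exploited_CVEs"]
    for f in conds.get("formulas", []):
        values = [score(f["formula"], c) for c in cves]
        if f["comparison"] == "average":
            yield bool(values) and sum(values) / len(values) >= f["threshold"]
        elif f["comparison"] == "n_above":
            yield sum(v >= f["threshold"] for v in values) >= f["n"]

def deadline(config, cves, released):
    # Assumption: levels are tried in listed order and the first match wins.
    for level in config["cve_urgency_levels"]:
        results = list(checks(level["cve_urgency_conditions"], cves))
        combine = all if level.get("conjunction") else any
        if results and combine(results):
            return level["name"], released + timedelta(days=level["deadline_days"])
    return "default", released + timedelta(days=config["default_deadline_days"])
```

With a constructed release date, `deadline(CONFIG, SAMPLE, date(2024, 5, 13))` resolves to the "urgent" level: the average formula stays below 125, but two actively exploited CVEs have a base score of at least 7.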
This configuration:
- Updates the "default" target to the latest version of macOS available
- Updates the "13" target to the latest version of macOS with a major release of 13 (or below)
- Applies a default deadline of 14 days after the release date

```yaml
---
targets:
  - target : "default"
    update_to : "latest"
  - target : "13"
    update_to : "13"
default_deadline_days : 14
```