Ubuntu security upgrade

Version 1

The package unattended-upgrades provides functionality to install security updates automatically.

You can use it without configuring the automatic part by calling it manually:

sudo unattended-upgrade -d --dry-run
sudo unattended-upgrade -d

If you want to run it quietly instead:

sudo unattended-upgrade

NOTE: When you call unattended-upgrade you leave the “s” off the end.

This assumes that the package is installed by default, which it probably is. If not, just do:

sudo apt-get install unattended-upgrades

See also /usr/share/doc/unattended-upgrades/README.md.

Version 2

A Few Tips On How To Manage Updates

This applies both to Debian and Ubuntu, but more specific instructions for Ubuntu follow.

  • Show security updates only:
    apt-get -s dist-upgrade | grep "^Inst" | grep -i securi
    or
    sudo unattended-upgrade --dry-run -d
    or
    /usr/lib/update-notifier/apt-check -p
  • Show all upgradeable packages:
    apt-get -s dist-upgrade | grep "^Inst"
  • Install security updates only:
    apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " '{print $2}' | xargs apt-get install

Notes:

  • Sometimes Ubuntu shows security updates as if they’re coming from the $release-updates repository. This is so, I’m told, because Ubuntu developers push security updates to the $release-updates repository as well to expedite their availability. If that’s the case, you can do the following to show security updates only:
    sudo sh -c 'grep ^deb /etc/apt/sources.list | grep security > /etc/apt/sources.security.only.list'
    and
    apt-get -s dist-upgrade -o Dir::Etc::SourceList=/etc/apt/sources.security.only.list -o Dir::Etc::SourceParts=/dev/null | grep "^Inst" | awk -F " " '{print $2}'
  • Check what services need to be restarted after package upgrades. Figure out what packages you are going to upgrade beforehand and schedule your restarts/reboots. The problem here is that unless you restart a service, it may still be using an older version of a library (the most common reason) that was loaded into memory before you installed the new package which fixes a security vulnerability or whatever.
    checkrestart -v
    However, keep in mind that checkrestart may list processes that shouldn’t necessarily be restarted. For example, the PostgreSQL service may be keeping in its memory a reference to an already deleted xlog file, which isn’t a valid reason to restart the service.
    Therefore, another, more reliable, way to check this using standard utils is the following little bash script that I shamelessly stole from https://locallost.net/?p=233
    It checks if running processes on a system are still using deleted libraries by virtue of keeping copies of those in active memory.
    # For every PID listed by ps, look for mapped shared objects marked "(deleted)"
    ps xh -o pid | while read PROCID; do
        grep 'so.* (deleted)$' "/proc/$PROCID/maps" 2> /dev/null
        if [ $? -eq 0 ]; then
            # cmdline is NUL-separated; turn the NULs into spaces for display
            CMDLINE=$(sed -e 's/\x00/ /g' < "/proc/$PROCID/cmdline")
            echo -e "\tPID $PROCID $CMDLINE\n"
        fi
    done

Version 3

apt-get install -y --only-upgrade $( apt-get --just-print upgrade | awk 'tolower($4) ~ /.*security.*/ || tolower($5) ~ /.*security.*/ {print $2}' | sort | uniq )
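
The filters in Version 2 and Version 3 pick security updates out of simulated apt-get output by text matching. The following is an added example, not part of the original post: it reads only the origin list inside the parentheses of each Inst line, so a package whose name happens to contain "securi" is not selected, and a security origin is found wherever it appears in the list. The function names and the sample lines (including their version numbers) are constructed for illustration.

```shell
#!/bin/sh
# Added example: select packages whose candidate version is offered by a
# "security" archive, reading `apt-get -s dist-upgrade` output on stdin.

# Constructed sample of simulated apt-get output (versions are made up).
sample_output() {
    cat <<'EOF'
Inst libssl3 [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Inst libapache2-mod-security2 [2.9.5-1] (2.9.5-1ubuntu0.1 Ubuntu:22.04/jammy-updates [amd64])
Inst linux-image-generic (5.15.0.100.97 Ubuntu:22.04/jammy-security [amd64])
Inst tzdata [2023c-0ubuntu0.22.04.0] (2023d-0ubuntu0.22.04 Ubuntu:22.04/jammy-updates [all])
Conf libssl3 (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
EOF
}

# The page's text filter, for comparison: matches "securi" anywhere on the line.
page_filter() {
    grep "^Inst" | grep -i securi | awk '{print $2}' | sort -u
}

# Origin-aware filter: looks only at "(version origin, origin [arch])".
security_pkgs() {
    awk '
        $1 == "Inst" {
            start = index($0, "(")
            if (start == 0) next
            origins = substr($0, start + 1)
            sub(/\).*$/, "", origins)     # drop ")" and anything after it
            sub(/^[^ ]+ /, "", origins)   # drop the candidate version
            if (tolower(origins) ~ /security/) print $2
        }
    ' | sort -u
}

echo "page filter:";   sample_output | page_filter
echo "origin filter:"; sample_output | security_pkgs
```

On a real system, pipe the simulation into the function instead of the sample: apt-get -s dist-upgrade | security_pkgs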
