One of the most crucial tasks that a systems administrator needs to undertake is ensuring that systems are patched with the latest security updates. Ubuntu is considered one of the most secure Linux distributions, but it can be susceptible to vulnerabilities as well. An updated system is secure and stands a better chance against malware and attackers.
In this tutorial, we'll focus on how one can manually install security updates in Ubuntu 18.04.
List Security Updates
To display security updates only, run
sudo unattended-upgrade --dry-run -d
Or
apt-get -s dist-upgrade | grep "^Inst" | grep -i security
If you wish to display all upgradeable packages, run
apt-get -s dist-upgrade | grep "^Inst"
Sample Output
Inst libplymouth4 [0.9.2-3ubuntu13.4] (0.9.2-3ubuntu13.5 Ubuntu:16.04/xenial-updates [amd64])
Inst plymouth [0.9.2-3ubuntu13.4] (0.9.2-3ubuntu13.5 Ubuntu:16.04/xenial-updates [amd64]) [plymouth-theme-ubuntu-text:amd64 ]
Inst plymouth-theme-ubuntu-text [0.9.2-3ubuntu13.4] (0.9.2-3ubuntu13.5 Ubuntu:16.04/xenial-updates [amd64])
Finally, to install security updates only, run
apt-get -s dist-upgrade | grep "^Inst" | grep -i security | awk '{print $2}' | xargs apt-get install
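The `grep -i security` filter above matches the word anywhere on the line, including inside a package name. The following is an added example, not part of the original article: a stricter filter that keeps only `Inst` lines whose candidate version comes from a `-security` pocket. The helper names `security_pkgs` and `sample_output` and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. security_pkgs is a hypothetical helper name, not part of apt.
# Reads `apt-get -s dist-upgrade` output on stdin and prints the names of
# packages whose upgrade candidate is published in a "-security" pocket.
security_pkgs() {
    awk '
        $1 != "Inst" { next }               # ignore Conf/Remv and status lines
        {
            # Line layout: Inst NAME [OLD] (NEW ORIGIN[, ORIGIN...] [ARCH]) ...
            lp = index($0, "(")
            if (lp == 0) next
            rest = substr($0, lp + 1)
            rp = index(rest, ")")
            if (rp == 0) next
            candidate = substr(rest, 1, rp - 1)
            # Match only an origin such as Ubuntu:18.04/bionic-security,
            # never the package name or the trailing dependency list.
            if (candidate ~ "/[^ ,]*-security([ ,]|$)") print $2
        }
    '
}

# Constructed sample of simulated output (names and versions are made up).
sample_output() {
    cat <<'EOF'
Inst libssl1.1 [1.1.0-1] (1.1.0-2 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst example-security-tools [1.0-1] (1.0-2 Ubuntu:18.04/bionic-updates [all])
Inst plymouth [0.9.3-1] (0.9.3-2 Ubuntu:18.04/bionic-updates [amd64]) [plymouth-theme-ubuntu-text:amd64 ]
Inst openssl [1.1.0-1] (1.1.0-2 Ubuntu:18.04/bionic-security [amd64])
Conf openssl (1.1.0-2 Ubuntu:18.04/bionic-security [amd64])
EOF
}

# Demo on the sample; on a real host: apt-get -s dist-upgrade | security_pkgs
sample_output | security_pkgs
```

Review the printed package list before passing it to `xargs apt-get install`.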
Manually Install Security Updates
To manually configure a system for security updates, first install the unattended-upgrades package
apt install unattended-upgrades
Sample Output
Reading package lists... Done
Building dependency tree
Reading state information... Done
unattended-upgrades is already the newest version (0.90ubuntu0.9).
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
After successful installation, you can call it manually as shown
sudo unattended-upgrade -d -v
Output
Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
adjusting candidate version: 'libplymouth4=0.9.2-3ubuntu13'
adjusting candidate version: 'plymouth=0.9.2-3ubuntu13'
adjusting candidate version: 'plymouth-theme-ubuntu-text=0.9.2-3ubuntu13'
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
blacklist: []
whitelist: []
No packages found that can be upgraded unattended and no pending auto-removals
The -v flag prints the process verbosely on the command line.
The -d flag enables debug messages.
Setting up Automatic security updates
To configure your system to receive automatic security updates, follow the steps below.
1. Install Unattended upgrade packages
To install unattended upgrades, first log in as root and update the system
apt update
Next, install unattended-upgrades
apt install unattended-upgrades
2. Configure your Ubuntu system
After installing unattended-upgrades, it's time to configure your system.
Open the unattended upgrade configuration file as shown
vim /etc/apt/apt.conf.d/50unattended-upgrades
Comment out all lines except the one with the security attribute as shown
If you wish to exclude packages from being upgraded unattended, you can do so in the configuration file under the Unattended-Upgrade::Package-Blacklist section.
Append each package on its own line as shown
In the example above, vim text editor and MariaDB-server packages have been excluded. Save and Exit the configuration file.
3. Enable auto updating
Finally, you need to open the auto-upgrades configuration file
vim /etc/apt/apt.conf.d/20auto-upgrades
Save and Exit.
Reboot your system for the changes to take effect.
In this brief article, we have taken you through how to automatically and manually install security updates in Ubuntu 18.04. You are welcome to try out the above commands. Keep it locked for more insightful articles!
Nice! Thanks for that.