Maintaining a secure Ubuntu Linux system requires keeping up with security patches and updates. Regularly checking for and installing Ubuntu Security Updates ensures your system stays safe without unnecessary changes. In this blog post, we will explore how to manage Ubuntu Security Updates effectively through the command line, including both security updates and all available package updates.
Table of Contents
- Understanding Ubuntu Security Updates
- Manual Approach to Update Only Security Packages
- Update all Available Ubuntu Packages Manually
- Additional Steps for Managing Security Updates and CVEs Fix
- 1. Finding Installed and Available CVEs
- 2. Retrieving Changelogs for a Specific CVE
- 3. Check Available Security Updates and Fixes
- 4. Check Enabled Updates Types in Unattended Upgrades
- 5. Install Security Updates for a Single Package
- 6. Install Ubuntu Security Updates for All Packages using unattended-upgrade
- Conclusion of Ubuntu Security Updates
Understanding Ubuntu Security Updates
Before diving into the specifics, it’s essential to understand what Ubuntu Security Updates are. These updates address vulnerabilities in the operating system and installed software, ensuring that your system is protected against potential threats. Regularly applying these updates is vital for maintaining the integrity and security of your system.
Manual Approach to Update Only Security Packages
Why Update Only Security Packages?
Updating only security packages ensures that you apply the latest security patches and fixes without updating other packages that may not be essential for security. This approach helps minimize the risk of introducing new issues or dependencies that might affect your system’s stability.
Steps for Ubuntu Security Updates only
Step 1: Update the Package List
Open a terminal and run the following command to update the package list:
sudo apt update
This command updates the package list to ensure you have the latest information about available packages.
Step 2: List Upgradable Security Packages
Run the following command to list upgradable security packages:
sudo apt list --upgradable | grep security
This command lists only the security packages that have updates available.
Step 3: Upgrade Security Packages
To upgrade the security packages, run the following command:
sudo apt upgrade -y $(apt list --upgradable | grep -i security | awk -F/ '{print $1}')
This command upgrades only the security packages listed in the previous step.
Step 4: Verify Installed Updates
After the updates, you can verify that only security updates were applied:
grep "security" /var/log/apt/history.log
This ensures your Ubuntu system receives only the security updates without upgrading other packages.
Update all Available Ubuntu Packages Manually
Read Also | How to Configure automatic Unattended Upgrades Ubuntu
Why Update All Available Packages?
Updating all available packages ensures that your system has the latest features, security patches, and bug fixes. This approach helps improve your system’s overall performance, security, and stability.
Steps to Update All Available Packages
Step 1: Update the Package List
Open a terminal and run the following command to update the package list:
sudo apt update
This command updates the package list to ensure you have the latest information about available packages.
Step 2: Upgrade All Packages
Run the following command to upgrade all packages:
sudo apt full-upgrade
This command upgrades all packages that have updates available, including security packages, kernel updates, and other dependencies.
Additional Steps for Managing Security Updates and CVEs Fix
1. Finding Installed and Available CVEs
To find installed packages and their associated CVEs, you can use the following command:
# dpkg -l | grep '^ii' | awk '{print $2}' | xargs -I{} apt-get changelog {} | grep -i CVE
This command lists installed packages and searches for CVEs in their changelogs. It uses `dpkg` to get the list of installed packages and then uses `apt-get changelog` to display the changelog for each package, filtering for lines containing the term “CVE.”
2. Retrieving Changelogs for a Specific CVE
To retrieve changelogs for a specific CVE, you can use the following command:
# apt-get changelog package-name | grep -i CVE-cve-id
Replace “package-name” with the name of the package you want to check, and replace “cve-id” with the desired CVE identifier (e.g., CVE-2020-14145). This command will display changelog entries related to the specified CVE.
3. Check Available Security Updates and Fixes
To check for available security updates and fixes, you can use the following command:
# sudo apt-get update # apt list --upgradable | grep "-security"
The first command updates the package lists from repositories, and the second command lists packages that have available updates, specifically those related to security updates.
4. Check Enabled Updates Types in Unattended Upgrades
To check which types of updates are enabled in unattended-upgrades, you can examine the configuration files. The main configuration file is located at:
# /etc/apt/apt.conf.d/20auto-upgrades
You can also look for additional configuration files in the “/etc/apt/apt.conf.d/” directory that start with “50unattended-upgrades” to see more specific settings.
/etc/apt/apt.conf.d/50unattended-upgrades
- Edit file
50unattended-upgradesusing vi/vim and Modify the line to include only the “security” repository. Edit the line as follows:# Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
}; - Save the file and exit the text editor.
- Check for dry-run allows you to see what would be installed. If you’re satisfied with the changes, apply the security updates:
# sudo unattended-upgrades --dry-run
5. Install Security Updates for a Single Package
To install security fixes for a specific package, you can use the following command:
# sudo apt-get install --only-upgrade package-name
Replace “package-name” with the name of the package you want to update. This command will install the latest available version of the package, including security updates.
6. Install Ubuntu Security Updates for All Packages using unattended-upgrade
To install security fixes for all packages only, you can use the following command:
# sudo unattended-upgrade -v
This command will install only available security updates
To install security fixes for all packages with available updates, you can use the following command:
# sudo apt-get upgrade
This command will install all packages with available security updates and fixes.
If unattended-upgrade has not yet been setup, you can use the wiki link below to install it and configure Ubuntu unattended upgrade so that security updates are installed automatically.
Read Also | How to Configure automatic Unattended Upgrades Ubuntu
Conclusion of Ubuntu Security Updates
Effectively managing Ubuntu Security Updates is essential for maintaining the security and stability of your system. By regularly applying updates, whether focusing solely on security packages or updating all available software, you can protect your system against vulnerabilities and ensure optimal performance. Staying proactive about Ubuntu Security Updates not only safeguards your data but also enhances your overall user experience. Make it a habit to check for updates and apply them as needed, and your Ubuntu system will remain secure and reliable in the face of evolving threats.
==================================================================================
Was this article of use to you? Post your insightful thoughts or recommendations in the comments section if you don’t find this article to be helpful or if you see any outdated information, a problem, or a typo to help this article better.
==================================================================================
