Maintaining a secure Ubuntu Linux system requires keeping up with security patches and updates. Here’s how you can check for security updates and install them, ensuring your system stays safe without unnecessary system changes.
1. Finding Installed and Available CVEs
To find installed packages and their associated CVEs, you can use the following command:
# dpkg -l | grep '^ii' | awk '{print $2}' | xargs -I{} apt-get changelog {} | grep -i CVE
This command lists installed packages and searches for CVEs in their changelogs. It uses `dpkg` to get the list of installed packages and then uses `apt-get changelog` to display the changelog for each package, filtering for lines containing the term “CVE.”
2. Retrieving Changelogs for a Specific CVE
To retrieve changelogs for a specific CVE, you can use the following command:
# apt-get changelog package-name | grep -i CVE-cve-id
Replace “package-name” with the name of the package you want to check, and replace “cve-id” with the desired CVE identifier (e.g., CVE-2020-14145). This command will display changelog entries related to the specified CVE.
3. Check Available Security Updates and Fixes
To check for available security updates and fixes, you can use the following command:
# sudo apt-get update # apt list --upgradable | grep "-security"
The first command updates the package lists from repositories, and the second command lists packages that have available updates, specifically those related to security updates.
4. Check Enabled Updates Types in Unattended-Upgrades
To check which types of updates are enabled in unattended-upgrades, you can examine the configuration files. The main configuration file is located at:
# /etc/apt/apt.conf.d/20auto-upgrades
You can also look for additional configuration files in the “/etc/apt/apt.conf.d/” directory that start with “50unattended-upgrades” to see more specific settings.
/etc/apt/apt.conf.d/50unattended-upgrades
- Edit file
50unattended-upgrades
using vi/vim and Modify the line to include only the “security” repository. Edit the line as follows:# Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
}; - Save the file and exit the text editor.
- Check for dry-run allows you to see what would be installed. If you’re satisfied with the changes, apply the security updates:
# sudo unattended-upgrades --dry-run
5. Install Security Updates for a Single Package
To install security fixes for a specific package, you can use the following command:
# sudo apt-get install --only-upgrade package-name
Replace “package-name” with the name of the package you want to update. This command will install the latest available version of the package, including security updates.
6. Install Security Updates for All Packages
To install security fixes for all packages only, you can use the following command:
# sudo unattended-upgrade -v
This command will install only available security updates
To install security fixes for all packages with available updates, you can use the following command:
# sudo apt-get upgrade
This command will upgrade all packages with available updates, including security updates and fixes.
Conclusion
By focusing on security updates, you can keep your Ubuntu Linux system secure without extensive system changes. Whether you choose to manually check and install security updates or automate the process, maintaining system security is crucial for a stable and reliable environment.
If unattended-upgrade has not yet been set up, you can use the wiki link below to install it and configure Ubuntu Linux so that security updates are installed automatically.
Have a look of setting unattended-upgrade
==================================================================================
Was this article of use to you? Post your insightful thoughts or recommendations in the comments section if you don’t find this article to be helpful or if you see any outdated information, a problem, or a typo to help this article better.
==================================================================================