Patch Ubuntu 12.04 LTS server
Hello,
Last year I mounted 12.04.4 server amd64 iso on VMware host and installed an Ubuntu VM using it as customer requested it.
Currently it is kernel 3.11.0-15-generic.
I now need to patch it to the latest available kernel and apply security patches if any. Can you help on:
1. Steps how this is to be done
2. What is the new kernel available
3. List of packages it will upgrade, and
4. In case our application team wants us to exclude any specific package during the patching, then how do we do that.
Thanks,
Question information
- Language: English
- Status: Answered
- For: Ubuntu
- Assignee: No assignee
#1
The answers to be given are more or less the same as in https:/
a. set up a sources.list file that contains the -updates and -security repositories
b. issue the command "sudo apt-get update" to load the current package inventory information to your system
c. check with "apt-get --simulate dist-upgrade" the list of packages that are due for an update
d. If you have the need to keep certain packages on the older release, you have to apt pin these to that version.
Your questions:
1. (has been answered above)
2. Your kernel seems to be from linux-lts-saucy, which is no longer supported; you should upgrade to linux-lts-trusty with the 3.13.0-55-generic kernel
3. (has been answered above)
4. (has been answered above)
What is the output of the terminal commands
uname -a
lsb_release -a
hwe-support-status --verbose
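The dry run in step c and the pin in step d, as an added example that is not part of the original answer: `list_pending` turns `apt-get --simulate dist-upgrade` output into a reviewable package list that flags the -security pocket, and `pin_excluded` writes apt preferences stanzas for packages the application team wants kept back. The function names and the sample output (including version strings) are constructed for illustration.

```shell
#!/bin/sh
# Constructed sample of `apt-get --simulate dist-upgrade` output; package
# versions are illustrative, not taken from the thread.
SAMPLE_SIM='Inst libssl1.0.0 [1.0.1-4ubuntu5.11] (1.0.1-4ubuntu5.31 Ubuntu:12.04/precise-security [amd64])
Inst mysql-server-5.5 [5.5.35-0ubuntu0.12.04.2] (5.5.43-0ubuntu0.12.04.1 Ubuntu:12.04/precise-updates [amd64])
Inst linux-image-3.13.0-55-generic (3.13.0-55.94~precise1 Ubuntu:12.04/precise-updates [amd64])
Conf libssl1.0.0 (1.0.1-4ubuntu5.31 Ubuntu:12.04/precise-security [amd64])'

# Read dry-run output on stdin; print "package old new pocket" per "Inst" line.
# old is "-" when the package is newly installed (for example a new kernel).
list_pending() {
    awk '$1 == "Inst" {
        old = "-"; i = 3
        if ($3 ~ /^\[/) { old = substr($3, 2, length($3) - 2); i = 4 }
        new = $i; sub(/^\(/, "", new)
        origin = ""
        for (j = i + 1; j <= NF; j++) origin = origin " " $j
        pocket = (origin ~ /-security/) ? "security" : "other"
        print $2, old, new, pocket
    }'
}

# pin_excluded SIM_OUTPUT PKG...: emit apt preferences stanzas that keep each
# named package at its installed version. A priority above 1000 makes the
# pinned version win over any newer candidate.
pin_excluded() {
    sim=$1; shift
    for pkg in "$@"; do
        printf '%s\n' "$sim" | list_pending | awk -v p="$pkg" '
            $1 == p && $2 != "-" {
                printf "Package: %s\nPin: version %s\nPin-Priority: 1001\n\n", $1, $2
            }'
    done
}

# On a real host: sim=$(apt-get --simulate dist-upgrade)
# and redirect pin_excluded into a file under /etc/apt/preferences.d/.
printf '%s\n' "$SAMPLE_SIM" | list_pending
pin_excluded "$SAMPLE_SIM" mysql-server-5.5
```

After writing the pin file, rerun the simulated dist-upgrade and confirm the pinned package no longer appears among the `Inst` lines before doing the real upgrade.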
#2
Hello,
True, I had inquired for bash upgrade earlier and it went well. Since I am absolutely new to Ubuntu, I have doubts, and the servers are Production; I work on Redhat and have a few Ubuntu servers set up due to customer request.
$ uname -a
Linux vir-t-app01 3.11.0-15-generic #25~precise1-Ubuntu SMP Thu Jan 30 17:39:31 UTC 2014 x86_64 x86_64 x86_64 GNU/Linux
$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 12.04.4 LTS
Release: 12.04
Codename: precise
hwe-support-status --verbose (command not found.)
Can you guide me on upgrading my server to linux-lts-trusty with the 3.13.0-55-generic kernel, what will be the requirements for this upgrade, what about application hosting and data on the server...
Thanks.
#3
Please provide the output of
apt-cache policy update-manager-core
cat /etc/apt/
ls -l /etc/apt/
These commands will not change anything on your system and should not interfere with server operations at all.
In theory updating the packages to the current status (with bug fixes and enhancements) should not have any consequence for application hosting and data.
How do you manage package updates with Redhat? How do you care for regular patching of the programs against security vulnerabilities? I do not expect that this differs much from what is required to keep an Ubuntu system up-to-date.
There is just one remarkable feature in Ubuntu (do not know whether there is an equivalent in Redhat), that is the possibility to switch over from the 3.2 kernel provided in the original Ubuntu precise installation to the 3.5, 3.8, 3.11 and 3.13 kernel series (those provided by the later Ubuntu releases like quantal, raring, saucy and vivid).
#4
Outputs:
$ apt-cache policy update-manager-core
update-
Installed: 1:0.156.14.11
Candidate: 1:0.156.14.11
Version table:
*** 1:0.156.14.11 0
100 /var/lib/
1:0.156.14 0
500 http://
===================
:~$ cat /etc/apt/
#
# deb cdrom:[
# deb cdrom:[
# deb cdrom:[
#deb cdrom:[
#deb cdrom:[
#deb cdrom:[
# See http://
# newer versions of the distribution.
#odeb file:/home/
deb file:/usr/
deb http://
deb-src http://
deb http://
deb-src http://
## Major bug fix updates produced after the final release of the
## distribution.
deb http://
deb-src http://
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://
deb-src http://
deb http://
deb-src http://
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://
deb-src http://
deb http://
deb-src http://
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://
deb-src http://
deb http://
deb-src http://
deb http://
deb-src http://
deb http://
deb-src http://
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://
# deb-src http://
## Uncomment the following two lines to add software from Ubuntu's
## 'extras' repository.
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
# deb http://
# deb-src http://
:~$
=============
:~$ ls -l /etc/apt/
total 0
:~$
==============
In Redhat patching server to latest kernel or applying security patches is done via yum repository, and for regular kernel patching we run a dry run and inform the application team of all packages that would get updated, so in case applications (e.g. mysql, apache, perl) are not compatible with higher versions then we exclude them from getting updated.
In Redhat we are able to patch to latest available kernel and release of the OS version we are using.
In order to make Ubuntu server secure from vulnerabilities let me know if you recommend to upgrade my server to linux-lts-trusty with the 3.13.0-55-generic kernel or any other would you suggest.
#5
A similar process to what you are doing on Redhat (with yum) can also be done (and should be done) on Ubuntu (with apt package management tools).
Your sources.list file looks ok (although I do not know what that http://
If this is a server, I assume that you will not need any of the deb-src lines, you could disable all of them by putting a hash sign '#' in front.
I recommend that you refresh the local copy of the package inventory information with the command
sudo apt-get update
This command should just copy the information about available updates to your system and does not change any software.
Please copy/paste the output into this question document so that we can verify the result.
#6
Hello,
nl.archive.
link http://
So do you suggest me to keep the same and run 'sudo apt-get update'?
#7
Just one of 213.136.29.218 and nl.archive.
And then run
sudo apt-get update
and check for any warning and/or errors.
#8
Hello,
I have requested for opening connection to port 80 for 213.136.29.218 from my server.
Will send the output as soon as I get the port opened.
Now the contents of sources.list is as below :
$ grep -v ^# /etc/apt/
deb http://
deb-src http://
#9
Your sources.list file now is missing the precise-updates and precise-security repositories! Where have all those gone from the file that you had in comment #4?
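A check for the gap pointed out in this comment, as an added example that is not part of the thread: `missing_pockets` reads sources.list text and reports which of the release, -updates and -security suites has no active `deb` line, ignoring comments and `deb-src` entries. The function name and the sample file contents are constructed; archive.ubuntu.com and security.ubuntu.com stand in for whatever mirror the host uses.

```shell
#!/bin/sh
# Constructed sample: a reduced sources.list with only the release pocket active.
SAMPLE_LIST='# trimmed file, constructed for this example
deb http://archive.ubuntu.com/ubuntu precise main restricted
deb-src http://archive.ubuntu.com/ubuntu precise main restricted
#deb http://security.ubuntu.com/ubuntu precise-security main restricted'

# missing_pockets RELEASE: read sources.list text on stdin and print each of
# RELEASE, RELEASE-updates, RELEASE-security that has no active "deb" line.
missing_pockets() {
    awk -v rel="$1" '
        $1 == "deb" {
            i = 2                      # field holding the URI
            if ($i ~ /^\[/) {          # skip an optional [ option=value ] block
                while (i <= NF && $i !~ /\]$/) i++
                i++
            }
            seen[$(i + 1)] = 1         # the suite follows the URI
        }
        END {
            n = split(rel " " rel "-updates " rel "-security", want, " ")
            for (k = 1; k <= n; k++)
                if (!(want[k] in seen)) print want[k]
        }'
}

# On a real host: missing_pockets precise < /etc/apt/sources.list
printf '%s\n' "$SAMPLE_LIST" | missing_pockets precise
```

Empty output means all three suites are enabled; any suite printed will be silently skipped by `apt-get update`, so its fixes never show up in the dry run.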
#10
And just a comment: I cannot reach 213.136.29.218 from my location. Are you sure that the IP address is correct?
Can't you use server names instead of IP addresses?
#11
Hello,
When looking at the Ubuntu wiki (https:/
I must say, when reading the wiki it is not absolutely clear to me what this HWE thing is. Can you help me to understand this?
http://
That page makes it more clear what HWE stands for.
We do not use it, we do not need it because of the fact we are running on ESX; VMware tools will normally take care of the hardware layer. So does my Ubuntu server 12.04 LTS have support till 2017?
Thanks,
#12
If you have Ubuntu 12.04.4 installed, then you have installed a no-more-supported variant.
You should apply all available patches (preferably only after doing some testing in a test environment).
This will (most probably) upgrade your system to 12.04.5
And at the same time you should also upgrade to linux-lts-trusty with the 3.13.0-*-generic kernel.
The software that you are currently running has gone out of support, and your system is missing several security patches that close critical vulnerabilities.
Please read https:/