How can I get security.ubuntu.com items?
I am using Ubuntu 11.04. All the items in Synaptic Package Manager are of 'archive.
# deb cdrom:[Ubuntu 11.04 _Natty Narwhal_ - Release i386 (20110427.1)]/ natty main restricted
# See http://
# newer versions of the distribution.
deb http://
deb-src http://
## Major bug fix updates produced after the final release of the
## distribution.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://
deb-src http://
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://
deb-src http://
## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://
# deb-src http://
deb http://
deb-src http://
deb http://
deb-src http://
deb http://
deb-src http://
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://
# deb-src http://
## This software is not part of Ubuntu, but is offered by third-party
## developers who want to ship their latest software.
Question information
- Language:
- English Edit question
- Status:
- Solved
- For:
- Ubuntu synaptic Edit question
- Assignee:
- No assignee Edit question
- Solved by:
- Sam_
- Solved:
- Last query:
- Last reply:
Revision history for this message
|
#1 |
You have the security repos enabled....
Revision history for this message
|
#3 |
sudo apt-get update; sudo apt-get -y upgrade
You will get the secutrity updates. Or do you mean you ONLY want the security updates?
Thanks
Revision history for this message
|
#4 |
'sudo apt-get update' fetched only items from archive.ubuntu.com
Revision history for this message
|
#5 |
Check in software centre that the security updates are ticked.
Revision history for this message
|
#6 |
Search Results of security updates are:
1.Simple tool to mail about pending package updates(apticron)
2.Debian Security Analyzer (debsecan)
3.DNSSEC extension to NET::DNS (libnet-
4.automatic update of packages using apt-get (cron-apt)
5.diff and patch utilities which work with Debian packages (debdelta)
6.A dockable app that displays information about mailboxes (wmbiff)
7.run programs by URL (zeroinstall-
But nothing is tick marked. I don't know which one is needed.
Revision history for this message
|
#7 |
Security updates are listed there.
http://
Depends which packages are installed on your system, but certainly there has been e.g. an update recently for bind9 and gdm.
You can recheck if the latest versions are installed on your system.
e.g.
dpkg -l gdm
dpkg -l libdns69
dpkg -l bind9-host
Latest package versions and changelogs can also be searched there.
http://
Revision history for this message
|
#8 |
The only dpkg ( package name 'dpkg' ) is in natty/main. ( dpkg-dev is also there installed ). Installed version: 1.16.0~ubuntu7. There are no dpkg -l gdm , dpkg -l libdns69 or dpkg -l bind9-host in my system. I wish to know whether the items (i.e. the particular packages) from 'ubuntu.com/usn' should be saved. Some windows showed 'open with' and some showed 'save'. Since it was default I didn't try to change them. After rebooting no change happened.
Revision history for this message
|
#9 |
There are no 'devecot' , 'rampart', or 'eucalyptus' items (installed)
Should I try to install them? .....
natty/main shows a 'pam' package installed --'libpam-
In 'gdm' category 'gnome-session-bin' & 'gnome-session (versions 2.32.1-0ubuntu19) are attached to 'ubuntu-desktop' (so removal not possible)
I want the all the essential items for the smooth functioning of Ubuntu11.04. (from security.
Revision history for this message
|
#10 |
madhu,
as in your question
https:/
it doesn't help any further if you name and list random packages.
Your sources.list is *almost* ok this time and as you can see yourself from your topic entry, security repo is enabled already.
> deb http://
However sources.list is still missing Natty updates, as already suggested in Question #157739
deb http://
#deb-src http://
Actually no one has to edit sources.list and run command line tools since there is a GUI called Software-Sources to en/disable repositories and updates.
What acutally is your problem with enabling repositories
https:/
and enabling recommended updates in a GUI?
https:/
> Should I try to install them? .....
# e.g. eucalyptus
Do you run an enterprise cloud, servers?
https:/
For example, if you don't know what a package does, search it there and read descriptions.
http://
> The only dpkg ( package name 'dpkg' ) is in natty/main
The mentioned commands aren't there to search for the package 'dpkg', they're meant to show installed packages *via* dpkg. This is why you may rather show the output of these commands instead of commenting on it, otherwise the approach to help you doesn't generate results you're expecting.
'dpkg' is a package manager command line tool.
http://
Revision history for this message
|
#11 |
I think I had already set them as needed (for enabling repositories). Used 'Other Software' in Software Sources. 'Software-
Revision history for this message
|
#12 |
> Added APT line http://
madhu,
you don't need to *add* the line in third party software tab, you just need to tick 'Important and Recommended updates' there.
https:/
If above is impossible to achieve, try this.
As already suggested in Question #157739, close all GUIs, such as Software-Center, Synaptic, Update-Manager.
Open a terminal: ctrl+alt+t
Make a backup of the current sources.list:
sudo cp /etc/apt/
Open current sources.list:
gksudo gedit /etc/apt/
Compare the content between your current sources.list and pastebin, add missing lines.
http://
If above is impossible to achieve try to carefully paste complete content from pastebin into sources.list.
To empty current sources.list, highlight content with: ctrl+a, hit 'backspace' key to delete content completely.
Then copy and paste the content of pastebin into the sources.list file.
Save the file and close it.
Reload package list and test update.
sudo apt-get update
sudo apt-get upgrade
If uncertain about any steps, please ask and in case post error messages including the command you've issued.
Revision history for this message
|
#13 |
I had tick marked them both already. So when I opened 'Update manager' today, more than 133 MB items were ready to install. Since many items are not useful to me I didn't try to install them. sudo cp /etc/apt/
# deb cdrom:[Ubuntu 11.04 _Natty Narwhal_ - Release i386 (20110427.1)]/ natty main restricted
# See http://
# newer versions of the distribution.
deb http://
deb-src http://
## Major bug fix updates produced after the final release of the
## distribution.
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://
deb-src http://
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://
deb-src http://
## Uncomment the following two lines to add software from the 'backports'
## repository.
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
# deb http://
# deb-src http://
deb http://
deb-src http://
deb http://
deb-src http://
deb http://
deb-src http://
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://
# deb-src http://
## This software is not part of Ubuntu, but is offered by third-party
deb http://
## developers who want to ship their latest software.
# deb http://
# deb-src http://
-------
-------
After emptying sources.list, The new saved items from pastebin appeared as an additional item 'sources.
I DIDN'T USE INTERNET for the following. I shall use internet if you say everything is OK
First few lines of sudo apt-get update is :
Err http://
Err http://
Err http://
Err http://
Err http://
Could not resolve 'extras.ubuntu.com'
Err http://
Could not resolve 'archive.
Err http://
Could not resolve 'archive.
Err http://
Could not resolve 'archive.
Reading package lists... Done
Revision history for this message
|
#14 |
madhu,
this
> sudo cp /etc/apt/
doesn't give a result in terminal, but creates a backup of sources.list in /etc/apt.
> new saved items from pastebin appeared as an additional item 'sources.
The content isn't from pastebin, it's the -backup which you've made before with mentioned command above.
The output of
> First few lines of sudo apt-get update is
suggests that your current sources.list is missing essential repositories, such as updates and security.
The output of /etc/apt/
This:
## This software is not part of Ubuntu, but is offered by third-party
deb http://
is not third party, it's an essential part of Ubuntu repository.
This:
## developers who want to ship their latest software.
# deb http://
# deb-src http://
is not developers latest software, instead it's an essential part of Ubuntu repository and it's wrongly commented out.
Please explain where the problem is to replace a content from a given output A into file B, or comparing A and B in order to correct B?
Revision history for this message
|
#15 |
> The content isn't from pastebin, it's the -backup which you've made before with mentioned command above.
You are right.
> Please explain where the problem is to replace a content from a given output A into file B, or comparing A and B in order to correct B?
Even though I clicked 'Edit anyway', I couldn't add the missing lines. I couldn't replace it either.
Revision history for this message
|
#16 |
I didn't use the command. That is why 'Edit anyway' appeared. Understood my mistake and used command. I removed the content,replaced and saved. But the output is:
(gedit:2206): Gtk-WARNING **: Attempting to set the permissions of `/root/
(gedit:2206): Gtk-WARNING **: Attempting to store changes into `/root/
(gedit:2206): Gtk-WARNING **: Attempting to set the permissions of `/root/
Revision history for this message
|
#17 |
ok run:
sudo -i
then run:
touch /root/.
Then retry, should stop those pesky messages
Revision history for this message
|
#18 |
[sudo] password :
root@ -desktop:~# touch /root/.
touch: cannot touch `/root/
root@ -desktop:~#
Tried using '; exit' also :) ...... Same result repeated.
The only thing I want is the essential items to make Ubuntu 11.04 secure.
Revision history for this message
|
#19 |
Connect to Server is in "Public FTP". Need I do anything here?
Revision history for this message
|
#20 |
In another attempt I got this output
(gedit:1884): Gtk-WARNING **: Attempting to set the permissions of `/root/
(gedit:1884): Gtk-WARNING **: Attempting to store changes into `/root/
(gedit:1884): Gtk-WARNING **: Attempting to set the permissions of `/root/
(gedit:1884): Gtk-WARNING **: Attempting to store changes into `/root/
(gedit:1884): Gtk-WARNING **: Attempting to set the permissions of `/root/
Revision history for this message
|
#21 |
> > but failed: No such file or directory
Admit a user needs to guess what is missing now, file or directory, instead of giving an output such as "directory XY is missing, do you want to create it: y/n" or creating it automatically.
## Maybe worth a papercut bug in 'sudo'.
Open a terminal and create the directory:
sudo mkdir -p /root/.local/share
> Connect to Server is in "Public FTP". Need I do anything here?
No.
Reference.
https:/
http://
http://
Revision history for this message
|
#22 |
> do you want to create it: y/n" or creating it automatically.
I don't know which is good. As I have mentioned already in #18 -- The only thing I want is the essential items to make Ubuntu 11.04 secure. ( Get all the security items listed and essential ones installed )
I searched in 'InstallingSecu
> Open a terminal and create the directory:
Since I didn't know what to do next, I didn't try to use 'sudo mkdir -p /root/.local/share'
Did you mean to do as you mentioned in#12? --
"To empty current sources.list, highlight content with: ctrl+a, hit 'backspace' key to delete content completely.
Then copy and paste the content of pastebin into the sources.list file.
Save the file and close it.
Reload package list and test update.
sudo apt-get update
sudo apt-get upgrade"
Revision history for this message
|
#23 |
madhu,
in order to get rid of these messages
> (gedit:1884): Gtk-WARNING **: Attempting to set the permissions of `/root/
create the directory:
sudo mkdir -p /root/.local/share
After this you should be able to open and edit sources.list as mentioned above.
> I searched in 'InstallingSecu
What do you want to achieve, what kind of security tools you want to install and what should they secure?
FYI.
http://
Revision history for this message
|
#24 |
Ctrl+a didn't work. So I added the missing lines. Saved & Closed. Used Internet
[sudo] password for
Ign http://
Ign http://
Ign http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Ign http://
Ign http://
Ign http://
Ign http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Ign http://
Ign http://
Ign http://
Ign http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Hit http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Ign http://
Reading package lists... Done
-------
> What do you want to achieve, what kind of security tools you want to install and what should they secure?
I am an ordinary user. So I want to secure Internet connection, Emails, Folders, Files etc. ( i.e. essentials for normal purposes ). If possible I wish to avoid 3rd party items also.
Revision history for this message
|
#25 |
The default install is pretty secure, just keep root use to a minimum and you'll be ok. You can use a proxy to secure web access. Depends what you have to hide
Revision history for this message
|
#26 |
> just keep root use to a minimum and you'll be ok.
Didn't understand. Would you please explain it very briefly (in 2 or 3 lines)?
-------
In 'sudo apt-get update' (#24) there are so many 'Hits'. And everything is from 'archive'. Will I get updates from natty-security/
Though I had added the first few lines,Sources.
This line is seen only in sources.list-backup
The FIRST 4 LINES in sources.list.save are:
# See http://
# newer versions of the distribution.
deb http://
deb-src http://
-------
Can I avoid 3rd Party items?
Revision history for this message
|
#27 |
Your user is only a user, it just happens to be a member of the admin grup. This allows it to use sudo. If you keep sudo use to ONLY when it is needed then it helps keep your system secure a LOT. Logging on as root significantly reduces security but a lot of users do it as they dislike typing their passwords so much.
Revision history for this message
|
#28 |
Nothing to worry about the following? (as mentioned in #26)
1. Hit ( seen in #24)
2. Missing " # deb cdrom:[Ubuntu 11.04 _Natty Narwhal_ - Release i386 (20110427.1)]/ natty main restricted)"
3. updates from natty-security/
4. 3rd Party items
Revision history for this message
|
#29 |
In /srv/irclogs.
Revision history for this message
|
#30 |
> Will I get updates from natty-security/main
Yes.
Read the output from source.list (#24), everything 'hit' is what you'll get.
To simple exclude, lets put it the other way around, if there were anything wrong, we would tell you.
> Missing " # deb cdrom:[Ubuntu 11.04 _Natty Narwhal_ - Release i386 (20110427.1)]/
You can add the line in sources.list if you wish, I didn't have it in pastebin, because I don't need it.
It just means, if the line is there, deb.cdrom... isn't outcommented in sources.list, and apt expects it to find, so just comment it out with '#'.
> stay safe is to stay up to date on your security updates". That was why I asked you about security.ubuntu.com
Again, as the output from #24 suggests no errors where encountered.
Revision history for this message
|
#31 |
Thank you Sam. Thank you actionparsnip.
Both of you cleared my doubts (with great patience) and made 'my' Ubuntu more safe.
Revision history for this message
|
#32 |
Thanks Sam_, that solved my question.
Revision history for this message
|
#33 |
natty-updates/main (archive.
natty-updates/
natty-updates/
natty/main (archive.
natty/multiverse (archive.
natty/restricted (archive.
natty/universe (archive.
Updated without any difficulty. These are the 7 origins now I have in Synaptic Package Manager.