Debian

Check for a required reboot on Debian and Ubuntu systems

Debian based systems, like Ubuntu, need sometimes a reboot as well. We have a look on determining if a required reboot is needed and due to what packages.

Summary of Check for a required reboot on Debian and Ubuntu systems

Administrators of Debian-based systems know they have to reboot their systems, just like any other Linux distribution. However, why is the reboot needed? Could we monitor for which systems need an actual reboot? Required restart required? Required reboot Software can contain issues, which we call bugs. Most bugs are just annoying if you encounter them and can be fixed by upgrading to a newer version of the software. Other bugs are special in the way that they may leak sensitive data or allow unauthorized access to the software or system.

Read the full article…

Determine Processes Which Need a Restart with checkrestart/needrestart

Just patching software packages is not enough. We cover a few utilities which help you to determine which processes need a restart to complete software patch management.

Summary of Determine Processes Which Need a Restart with checkrestart/needrestart

Proper software patch management helps reducing weaknesses on your systems. But even if you patched an outdated system, old processes and libraries can continue to run in memory. For example when a library is updated, an active program might still use the old version. To really finish the process of software patching, we have to do more. This includes preparation, performing the update and finally check if we need a restart of software components.

Read the full article…

Discover to which package a file belongs to

With the right Linux software tools, it is easy to find to which package a file belongs. Or the opposite, what files are part of an installed package.

Summary of Discover to which package a file belongs to

Sometimes you want to know the related package of a file, before installation, or when it is already there. This is of great help during system hardening or general system cleanups. In this article we have a look at several ways to determine the relationships between files and the package they belong to. We have gathered this information for multiple Linux distributions. Most options used in this article have also a long format option.

Read the full article…

How to solve an expired key (KEYEXPIRED) with apt

Software updates and package management is easy, until you get a KEYEXPIRED message. In this article we should how it happens and the way to solve it.

Summary of How to solve an expired key (KEYEXPIRED) with apt

Software updates and package management is easy with systems based on Debian or Ubuntu. Just apt-get update (or apt update) and run an upgrade. But sometimes you may encounter the following situation: a KEYEXPIRED message. KEYEXPIRED message # apt-get update && apt-get upgrade Get:1 http://security.ubuntu.com/ubuntu xenial-security InRelease [94.5 kB] Hit:2 http://nl.archive.ubuntu.com/ubuntu xenial InRelease Get:3 http://nl.archive.ubuntu.com/ubuntu xenial-updates InRelease [95.7 kB] Hit:4 http://nl.archive.ubuntu.com/ubuntu xenial-backports InRelease Hit:5 https://packages.cisofy.com/community/lynis/deb stable InRelease Get:6 http://nl.archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages [373 kB] Ign:7 http://nginx.

Read the full article…

How to solve Shellshock on Debian and Ubuntu

Also Debian and Ubuntu are vulnerable for Shellshock vulnerability in Bash. That's why it is important to run apt update and perform an upgrade of Bash.

Summary of How to solve Shellshock on Debian and Ubuntu

Protect against Shellshock Shellshock is a serious software weakness, or vulnerability, in Bash. This shell is used on almost all Unix based systems, including Debian and Ubuntu. As it can be used without much effort and remotely exploit systems, it has a maximum vulnerability score according to CVSS. Upgrade Bash First update the software repository with apt-get, using the update parameter. apt-get update && apt-get install -only-upgrade bash Your system should now have a newer version of bash.

Read the full article…

Linux vulnerabilities: from detection to treatment

How to deal with Linux vulnerabilities? This article shares the insights, methods, and tools to help with detection and prevention on Linux systems.

Summary of Linux vulnerabilities: from detection to treatment

If you worked with a computer the last decade, you know the importance of keeping your software up-to-date. Those who don’t, are stacking up vulnerabilities, waiting for them to being exploited by others. Although Linux and most software are open source and can be reviewed, security flaws in software packages remain. While it isn’t easy to close every vulnerability on your system, we can at least create a stable process around it.

Read the full article…

Using unattended-upgrades on Debian and Ubuntu

To counter the biggest threat to software packages, Debian and Ubuntu based systems can use unattended-upgrades, to install security patches automatically.

Summary of Using unattended-upgrades on Debian and Ubuntu

To counter the biggest threat to software packages, they should be updated on a regular basis. Vulnerabilities are discovered on a daily basis, which also requires we monitor daily. Software patching takes time, especially when testing and reboots are needed. Fortunately, systems running Debian and Ubuntu can use unattended-upgrades to achieve automated patch management for security updates. Installation With most software packages, unattended-upgrades has to be installed. apt install unattended-upgrades

Read the full article…