Linux Server setup

Update Linux

In the last chapter Secure Linux server we enabled the firewall and created the user tom with sudo permissions. We also configured a key-based authentication method, installed protection against DoS attacks, and changed the SSH port.

In this chapter, we finally get around to updating the operating system and the installed software. We could just as well have installed the updates right at the beginning. However, I think it makes more sense to secure the server before sending the IP across the Internet.

As a package manager, we use the Advanced Packaging Tool (APT). The apt tool is an evolution of apt-get. You'll probably read about apt-get more often on the web because it's still in use. Both are based on Debian's dpkg (Debian Package Manager) package management, by the way, which you will run into here and there.

Package management system APT

The apt command can search, install, delete, update program packages and everything else a package manager must be able to do.

We are mainly interested in:

  • apt list
  • apt update
  • apt upgrade
  • apt autoremove
  • apt clean

update and upgrade are a bit confusing at the beginning, because update does not update the packages, but only the package list. A database is used to manage all packages. A package list stored there reflects which packages are installed on the system and also which other packages they depend on. However, the package versions do not have to match the actual installed ones. Only with upgrade the package versions, according to the package list are downloaded and installed.

Update the package list: update
Update the packages: upgrade

Package lists

The list --installed parameter shows packages that are installed:

__$ sudo apt list --installed

The output can be filtered with a package name or, as is so often the case with Linux, with a wildcard (*):

__$ sudo apt list --installed opens*

The output looks something like this:

Listing... Done
openssh-client/focal-updates,now 1:8.2p1-4ubuntu0.3 amd64 [installed,automatic]
openssh-server/focal-updates,now 1:8.2p1-4ubuntu0.3 amd64 [installed]
openssh-sftp-server/focal-updates,now 1:8.2p1-4ubuntu0.3 amd64 [installed,automatic]
openssl/focal-security,now 1.1.1f-1ubuntu2.8 amd64 [installed,upgradable to: 1.1.1f-1ubuntu2.9]

--upgradeable shows for which packages new versions are available:

__$ sudo apt list --upgradeable

Update and upgrade

Then let's get started and update the package list:

__$ sudo apt update

The updated package list decides which packages to download and install with upgrade:

__$ sudo apt upgrade -y

During the installation preparation it is usually asked whether the installation should really be completed. This would have to be confirmed with the y key. The -y parameter preempts this and confirms the request automatically.

When this process has run through, all "updates" are installed.

Clean up with autoremove and clean

Packages can be dependent on other packages. These dependencies are installed automatically. However, they are left behind when the "main" package is removed. autoremove searches for neglected packages and deletes them.

__$ sudo apt autoremove

Installation files end up in the archive folder /var/cache/apt/archives/. With clean this can be cleaned up. This saves disk space and makes a later backup leaner.

__$ sudo apt clean