How do I Apply Debian Linux Security update?

November 15, 2010 by: upa_kid


It is very easy to update Debian Linux over Internet so that you can get updated packages in stable distribution. This short article explains you how to keep up to date your Debian server/workstation along with small tips.
Step # 1 Configure Debian to get updates

You need to configure the package resource list, which is used to locate archives of the package distribution system in use on the system. You need to edit file /etc/apt/sources.list. However Debian comes with different tools to save your life (pick any one of the following to configure your system)

Option I:
If you are using GUI (KDE/Gnome) use synaptic GUI package manager (/usr/sbin/synaptic) is the best choice for you. Synaptic is a frontend for the apt package managent system. Assuming that you are using Gnome Desktop > Click on Application > System Tools > Synaptic Package Manage. It will ask you to authenticate, please supply root user password. Once Synaptic is on screen, select Properties > Repositories. If you can not find URL http://security.debian.org/, then click on New button and add the information as follows:
URL: http://security.debian.org/
Distribution: testing/updates
Section: main contrib

Where,
URL can be cdrom, file, http, and ftp. This is the place where apt will search for updates and packages.

Distribution specifies our distibution type for example it can be stable, unstable or testing.
Stable distribution used on production system.
Testing is like beta distribution, mostly after some time this moves to statble distribution,
Unstable is under development distribution.

Section specifies what component you would like to get. For example main component includes most of the packages, where contrib packages are contributed by users and so on.

Option II:
If you are using command line then use apt-setup command. It is an interactive program that simplifies adding sources to apt’s sources.list. It knows about all the major debian mirrors and can help you select one. On remote debian server over ssh this tool will save you. Most admin uses this option to configure/reconfigure apt source list. Login as root and type command:
# apt-setup
Follow on screen instructions.

(A) Select http/ftp server to get updates:

(B) Select nearest mirror country wise, this is essential for speedy download:

(C) Setup proxy server, username and password. This is only required if you don’t have direct access to Internet else please press enter key:

(D) Save the configuration and exit as you don’t have any more APT configuration required:

Option III: Edit file /etc/apt/sources.list
This is the fastest way to specify list of Internet site to get updates. Login as root user and fire vi text editor:
# vi /etc/apt/sources.list

Please add following lines to it:
deb http://ftp.iitm.ac.in/debian/ testing main
deb http://security.debian.org/ testing/updates main contrib

Save the file and exit to command prompt. I’m using ftp.iitm.ac.in to get all packages. This is the nearest mirror for me. If not sure then I recommend to use apt-setup tool. This tool aware of mirror according to your country.
Step # 2: Resynchronize the package index files

It is important to this step. This enables to fetch information of updated packages. Type apt-get command as follows:
# apt-get update

Hit http://ftp.iitm.ac.in testing/main Packages
Hit http://ftp.iitm.ac.in testing/main Release
Hit http://security.debian.org testing/updates/main Packages
Hit http://security.debian.org testing/updates/main Release
Hit http://security.debian.org testing/updates/contrib Packages
Hit http://security.debian.org testing/updates/contrib Release
Reading Package Lists… Done

Step # 3: Upgrade the Debian

You got list of updated package list, naturally next logical step is to upgrade system. Just type following command.
# apt-get upgrade

Building Dependency Tree… Done
The following packages have been kept back:
apache-common base-config bind9-ho…
…..
443 upgraded, 0 newly installed, 0 to remove and 374 not upgraded.
Need to get 249MB of archives.
After unpacking 39.8MB of additional disk space will be used.
Do you want to continue? [Y/n]

Hit enter key to get updates. Please note that this will take some time.
Optional information

Following tips may give you more information.

Q. How do I find Debian package is upgradeable or not?
A:
You must have a command called apt-show-versions installed on system. First install it:
# apt-get install apt-show-versions
Next just type apt-show-versions command to get only list of upgradeable packages :
# apt-show-versions -u | less
Or better grep it:
# apt-show-versions -u | grep “apache”

Q: How do I upgrade all packages in testing:
A:
Well, you can use above procedure or use apt-show-versions command as follows:
# apt-get install $(apt-show-versions -u -b | fgrep testing)

Q: How do I upgrade specific packages
Very easy just type package name, for example if you wish to upgrade apache-perl package then type:
# apt-get install apache-perl
This is useful if you just wish to upgrade single package and not entire system.

For more information:
* Read man pages of apt-get(8), sources.lst(5)
* Read official Debian security information.
* Subscribe debian-security-announce mailing list. This is the first place where the security team informs the users about security problems about Debian packages.

Update 26-Sep-05, 01:27 AM:

You might experience some problem while doing upgrade, check out small update by our regular contributor on forum.

Share and Enjoy:
  • Print
  • Digg
  • Sphinn
  • del.icio.us
  • Facebook
  • Mixx
  • Google Bookmarks
  • Blogplay
Have you found this script useful? Please support author by PayPal donation.

Leave a Reply