How to update security patches in Linux using the CLI

Date: 2020-01-09 10:39:48  Source: igfitidea

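How do I apply and update security patches on a Linux operating system?
Can you tell me the Linux commands for updating security patches?

Potential security vulnerabilities exist in Linux.
The various Linux distributions release security updates and patches to mitigate them.
This page shows how to apply those security patches in Linux from the command line to keep a server or desktop secure.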

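How to update security patches in Linux

  • Open the terminal application
  • RHEL/CentOS/Oracle Linux users run: sudo yum update
  • Debian/Ubuntu Linux users run: sudo apt update && sudo apt upgrade
  • OpenSUSE/SUSE Linux users run: sudo zypper up

Let us look at all the commands and examples in detail.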

Applying security patches on CentOS/RHEL/Oracle Linux

Run the following yum commands:

sudo yum check-update ## check for updates ##
sudo yum updateinfo ## list updates available for the RHEL/CentOS ##

Sample output:

Last metadata expiration check: 0:01:26 ago on Tuesday 12 November 2019 08:27:52 PM UTC.
Updates Information Summary: available
     2 Security notice(s)
         2 Important Security notice(s)
    71 Bugfix notice(s)
    14 Enhancement notice(s)
Security: kernel-core-4.18.0-147.el8.x86_64 is an installed security update
Security: kernel-core-4.18.0-80.11.2.el8_0.x86_64 is the currently running version

Apply all of these updates on a RHEL 8/7 box:

sudo yum update

Because a kernel security update has been installed, reboot the Linux system:

sudo shutdown -r 0
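
The reboot decision above can be read from the `yum updateinfo` output itself. This is an added example, not part of the original page: the function names are hypothetical and the sample input is constructed from the output lines shown above.

```shell
#!/bin/sh
# Constructed sample: the `yum updateinfo` lines from the sample output above.
sample_updateinfo() {
cat <<'EOF'
Updates Information Summary: available
     2 Security notice(s)
         2 Important Security notice(s)
    71 Bugfix notice(s)
    14 Enhancement notice(s)
Security: kernel-core-4.18.0-147.el8.x86_64 is an installed security update
Security: kernel-core-4.18.0-80.11.2.el8_0.x86_64 is the currently running version
EOF
}

# Print the total number of pending security notices (0 if none are listed).
security_notice_count() {
    awk '$2 == "Security" && $3 == "notice(s)" { n = $1 } END { print n + 0 }'
}

# Print "reboot-required" when an installed kernel security update differs
# from the kernel that is currently running, otherwise "no-reboot".
kernel_reboot_state() {
    awk '
        /^Security: / && /is an installed security update$/   { installed = $2 }
        /^Security: / && /is the currently running version$/  { running = $2 }
        END {
            if (installed != "" && installed != running) print "reboot-required"
            else print "no-reboot"
        }'
}

# On a live host, pipe the real output instead: yum updateinfo | kernel_reboot_state
printf '%s security notice(s), %s\n' \
    "$(sample_updateinfo | security_notice_count)" \
    "$(sample_updateinfo | kernel_reboot_state)"
```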

A note for Fedora Linux users

Run the dnf command:

sudo dnf update

If a new kernel or microcode update was installed, reboot Linux:

sudo reboot

Applying updates on Debian/Ubuntu/Linux Mint

Run the following apt command:

sudo apt update

List the available security patches or updates:

sudo apt list --upgradable
ansible/bionic 2.9.0-1ppa~bionic all [upgradable from: 2.7.10-1ppa~bionic]
apt/bionic-updates 1.6.12 amd64 [upgradable from: 1.6.10]
apt-transport-https/bionic-updates 1.6.12 all [upgradable from: 1.6.10]
apt-utils/bionic-updates 1.6.12 amd64 [upgradable from: 1.6.10]
base-files/bionic-updates 10.1ubuntu2.7 amd64 [upgradable from: 10.1ubuntu2.4]
bash/bionic-updates 4.4.18-2ubuntu1.2 amd64 [upgradable from: 4.4.18-2ubuntu1]
bsdutils/bionic-updates 1:2.31.1-0.4ubuntu3.4 amd64 [upgradable from: 1:2.31.1-0.4ubuntu3.3]
console-setup/bionic-updates 1.178ubuntu2.9 all [upgradable from: 1.178ubuntu2.8]
console-setup-linux/bionic-updates 1.178ubuntu2.9 all [upgradable from: 1.178ubuntu2.8]
debconf/bionic-updates 1.5.66ubuntu1 all [upgradable from: 1.5.66]
debconf-i18n/bionic-updates 1.5.66ubuntu1 all [upgradable from: 1.5.66]
dmsetup/bionic-updates 2:1.02.145-4.1ubuntu3.18.04.1 amd64 [upgradable from: 2:1.02.145-4.1ubuntu3]

Next, install these security patches on the Debian/Ubuntu server:

sudo apt upgrade

Sample output:

Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
  ieee-data python-certifi python-chardet python-jmespath python-kerberos python-libcloud python-lockfile python-netaddr python-openssl
  python-requests python-selinux python-simplejson python-urllib3 python-xmltodict wget
Use 'apt autoremove' to remove them.
The following packages will be upgraded:
  ansible apt apt-transport-https apt-utils base-files bash bsdutils console-setup console-setup-linux debconf debconf-i18n dmsetup dpkg
  dpkg-dev fdisk grep initramfs-tools initramfs-tools-bin initramfs-tools-core iputils-ping keyboard-configuration language-pack-en
  libapt-inst2.0 libapt-pkg5.0 libblkid1 libdevmapper1.02.1 libdns-export1100 libdpkg-perl libfdisk1 libisc-export169 libldap-2.4-2
  libldap-common libmount1 libnss-systemd libpam-systemd libprocps6 libsmartcols1 libsystemd0 libudev1 libuuid1 login mount netplan.io nplan
  passwd procps python-apt-common python-pip-whl python3-apt python3-distutils python3-lib2to3 python3-pip python3-software-properties
  software-properties-common systemd systemd-sysv ubuntu-minimal udev unattended-upgrades util-linux xkb-data
61 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Need to get 24.5 MB of archives.
After this operation, 26.8 MB of additional disk space will be used.
Do you want to continue? [Y/n]

If the Linux kernel was updated or patched for a security issue, reboot the system:

sudo reboot
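
The `apt list --upgradable` output shown earlier in this section mixes security fixes with ordinary updates; the suite name after the slash tells them apart. This is an added example, not part of the original page: the function names are hypothetical, the sample lines are constructed (the `exampled` and `libexample1` packages are invented), and it assumes Ubuntu-style `<release>-security` suite names.

```shell
#!/bin/sh
# Constructed sample in the format of `apt list --upgradable`.
sample_upgradable() {
cat <<'EOF'
Listing...
apt/bionic-updates 1.6.12 amd64 [upgradable from: 1.6.10]
exampled/bionic-updates,bionic-security 2.4-1ubuntu0.2 amd64 [upgradable from: 2.4-1]
ansible/bionic 2.9.0-1ppa~bionic all [upgradable from: 2.7.10-1ppa~bionic]
libexample1/bionic-security 1.0-2 amd64 [upgradable from: 1.0-1]
EOF
}

# Emit "<kind> <package>" per upgradable package, where kind is "security"
# if any suite carrying the candidate version ends in "-security".
classify_upgrades() {
    awk -F'[/ ]' '
        /\[upgradable from: / {
            kind = "other"
            n = split($2, suites, ",")
            for (i = 1; i <= n; i++)
                if (suites[i] ~ /-security$/) kind = "security"
            print kind, $1
        }'
}

# Print only the package names that come from a security suite.
security_upgrades() {
    classify_upgrades | awk '$1 == "security" { print $2 }'
}

# Print a one-line summary: "security=N other=M".
upgrade_summary() {
    classify_upgrades | awk '
        { c[$1]++ }
        END { printf "security=%d other=%d\n", c["security"], c["other"] }'
}

# On a live host: apt list --upgradable 2>/dev/null | upgrade_summary
sample_upgradable | upgrade_summary
```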

Applying security patches and updates on OpenSUSE or SUSE Enterprise Linux

First, refresh all repositories using the zypper command:

sudo zypper refresh

Sample output:

Repository 'SLE-Module-Basesystem15-SP1-Pool' is up to date.                                                                                  
Repository 'SLE-Module-Basesystem15-SP1-Updates' is up to date.                                                                               
Repository 'SLE-Module-Containers15-SP1-Pool' is up to date.                                                                                  
Repository 'SLE-Module-Containers15-SP1-Updates' is up to date.                                                                               
Repository 'SLE-Module-Desktop-Applications15-SP1-Pool' is up to date.                                                                        
Repository 'SLE-Module-Desktop-Applications15-SP1-Updates' is up to date.                                                                     
Repository 'SLE-Module-DevTools15-SP1-Pool' is up to date.                                                                                    
Repository 'SLE-Module-DevTools15-SP1-Updates' is up to date.                                                                                 
Repository 'SLE-Module-Legacy15-SP1-Pool' is up to date.                                                                                      
Repository 'SLE-Module-Legacy15-SP1-Updates' is up to date.                                                                                   
Repository 'SLE-Module-Public-Cloud15-SP1-Pool' is up to date.                                                                                
Repository 'SLE-Module-Public-Cloud15-SP1-Updates' is up to date.                                                                             
Repository 'SLE-Module-Python2-15-SP1-Pool' is up to date.                                                                                    
Repository 'SLE-Module-Python2-15-SP1-Updates' is up to date.                                                                                 
Repository 'SLE-Module-CAP-Tools15-SP1-Pool' is up to date.                                                                                   
Repository 'SLE-Module-CAP-Tools15-SP1-Updates' is up to date.                                                                                
Repository 'SLE-Product-SLES15-SP1-Pool' is up to date.                                                                                       
Repository 'SLE-Product-SLES15-SP1-Updates' is up to date.                                                                                    
Repository 'SLE-Module-Server-Applications15-SP1-Pool' is up to date.                                                                         
Repository 'SLE-Module-Server-Applications15-SP1-Updates' is up to date.                                                                      
Repository 'SLE-Module-Web-Scripting15-SP1-Pool' is up to date.                                                                               
Repository 'SLE-Module-Web-Scripting15-SP1-Updates' is up to date.                                                                            
All repositories have been refreshed.

Next, display the list of all available updates and patches on the OpenSUSE or SUSE Enterprise Linux server:

zypper list-updates

Sample output:

Loading repository data...
Reading installed packages...
S | Repository                          | Name              | Current Version             | Available Version            | Arch  
--+-------------------------------------+-------------------+-----------------------------+------------------------------+------
v | SLE-Module-Basesystem15-SP1-Updates | command-not-found | 0.2.1+20161004.20a0aae-4.28 | 0.2.2+20190613.e6c2668-6.3.2 | noarch
v | SLE-Module-Basesystem15-SP1-Updates | rsyslog           | 8.33.1-3.17.1               | 8.33.1-3.22.4                | x86_64
v | SLE-Module-Basesystem15-SP1-Updates | scout             | 0.2.1+20161004.20a0aae-4.28 | 0.2.2+20190613.e6c2668-6.3.2 | noarch
v | SLE-Module-Basesystem15-SP1-Updates | yast2-dns-server  | 4.1.2-7.83                  | 4.1.4-9.3.2                  | noarch

Finally, apply these updates by running:

sudo zypper update

Sample output:

The following 4 packages are going to be upgraded:
  command-not-found rsyslog scout yast2-dns-server
 
4 packages to upgrade.
Overall download size: 848.7 KiB. Already cached: 0 B. After the operation, additional 19.7 KiB will be used.
Continue? [y/n/v/...? shows all options] (y): y
Retrieving package rsyslog-8.33.1-3.22.4.x86_64                                                          (1/4), 625.5 KiB (  2.2 MiB unpacked)
Retrieving: rsyslog-8.33.1-3.22.4.x86_64.rpm ...........................................................................................[done]
Retrieving package scout-0.2.2+20190613.e6c2668-6.3.2.noarch                                             (2/4),  85.5 KiB (248.7 KiB unpacked)
Retrieving: scout-0.2.2+20190613.e6c2668-6.3.2.noarch.rpm ..............................................................................[done]
Retrieving package yast2-dns-server-4.1.4-9.3.2.noarch                                                   (3/4),  92.0 KiB (433.9 KiB unpacked)
Retrieving: yast2-dns-server-4.1.4-9.3.2.noarch.rpm ....................................................................................[done]
Retrieving package command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch                                 (4/4),  45.7 KiB (116.0 KiB unpacked)
Retrieving: command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch.rpm ..................................................................[done]
 
Checking for file conflicts: ...........................................................................................................[done]
(1/4) Installing: rsyslog-8.33.1-3.22.4.x86_64 .........................................................................................[done]
Additional rpm output:
Updating /etc/sysconfig/syslog ...
 
 
(2/4) Installing: scout-0.2.2+20190613.e6c2668-6.3.2.noarch ............................................................................[done]
(3/4) Installing: yast2-dns-server-4.1.4-9.3.2.noarch ..................................................................................[done]
(4/4) Installing: command-not-found-0.2.2+20190613.e6c2668-6.3.2.noarch ................................................................[done]

See the zypper man page.