Add user to Docker group for running commands without sudo:
Log out, then log back in.
Verify the installation:
For upgrading, the process is the same as installing:
This is for Debian/Ubuntu flavored systems.
Keep a single server up to date is easy, but updating multiple servers at once, you need tools like Ansible. For each server, here is a list of basic steps:
- Check if there are packages available to be upgraded
- Upgrade all packages to the latest version
- Check if a reboot is required
- Reboot the server
When we log into the remote server, we might see the message showing the number of packages can be updated. The message is generated by:
And it is available at:
We don’t need that detailed information, we just simply want to know if there are update available.
/usr/lib/update-notifier/apt-check shows any pending updates:
To list all the packages instead of simple
--package-names option will write data to
stderr instead of
stdout. If there are no packages needed to be installed, then the
stderr should be empty.
If there are packages to be installed or upgraded. Ansible has the apt module to manage them in Debian/Ubuntu based systems.
And the developer claimed: “According to http://heartbleed.com/. OpenSSL 1.0.1g is NOT vulnerable. Also I have restarted all services on this server.”
So, OpenSSL has been updated and the all services have been restarted, but why does the problem still persist?
I took a look at the command history he ran:
The OpenSSL library has been built from the source, which is fine, but the problem is that the Nginx server was still using the old library distributed by Ubuntu:
In effect, there were two versions of OpenSSL library installed in the system, one was built from the source, and another one was managed by
However, the bigger problem is the version of the operating system:
Ubuntu 13.04 is not supported anymore according to https://wiki.ubuntu.com/Releases. The developer probably issued
apt-get upgrade, but nothing to be updated, because Ubuntu stopped supporting the release. Therefore, no security update. And Ubuntu 13.04 is not listed in Ubuntu Security Notice USN-2165-1. So, the developer opted for building the library from the source. After installation from the source, the binary
openssl was overridden by the source build, and the command
openssl version showed the latest and patched version
To fix the problem, we need to reinstall the package first:
$ sudo apt-get install --reinstall openssl
Now, this will revert control back to
apt-get and overwrite the binary
And then we must perform the distribution upgrade to the latest long term support version, in order to continue receiving updates.
The lesson I have learned from this is that if you are going the wrong direction, no matter how hard you work, you are not going to make it. Make sure to take the initial investment, and really understand the true cause of the problem before attempting to resolve the issue. And don’t blindly follow the procedure. Understand it first, and adapt to your specific situation. As Abraham Lincoln once said:
“If I have nine hours to chop down a tree, I’d spend the first six sharpening my ax.”
All time zone files are located:
Locate the timezone file name such as
Change the time zone as root:
echo 'Asia/Hong_Kong' > /etc/timezone
Configure time zone data:
dpkg-reconfigure --frontend noninteractive tzdata