Linux security updates

Unattended Upgrades can run in the background to keep your Linux machine up-to-date. Here are a few commands to become familiar with.

Update the package index for software packages and system components:

$ apt update

Update and upgrade in one command:

$ apt update && apt upgrade -y

Install, enable, and start the service:

$ apt install unattended-upgrades && systemctl enable --now unattended-upgrades

The configuration file is located at the path listed here. Be sure to back up the file before making changes. See the reference link at the bottom for more information on the various configuration settings that may suit your particular needs.

/etc/apt/apt.conf.d/50unattended-upgrades
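One way to take that backup and then confirm an edit did not disable security updates, as an added example that is not from the original post. The function names are hypothetical, and the sample file is constructed on the assumption of the Ubuntu-style Unattended-Upgrade::Allowed-Origins block.

```shell
#!/bin/sh
# Added example, not from the original post. Paths are arguments so the
# functions can run against a constructed sample instead of the live /etc file.

# backup_conf FILE DIR: copy FILE into DIR with a timestamp suffix and print
# the backup path. Keep DIR outside apt.conf.d so apt never considers the copy.
backup_conf() {
    [ -f "$1" ] || { echo "missing: $1" >&2; return 1; }
    mkdir -p "$2" || return 1
    dst="$2/$(basename "$1").$(date +%Y%m%d%H%M%S)"
    cp -p "$1" "$dst" && printf '%s\n' "$dst"
}

# active_origins FILE: print the Allowed-Origins entries that are not
# commented out with // or #.
active_origins() {
    awk '
        /^[ \t]*Unattended-Upgrade::Allowed-Origins[ \t]*[{]/ { inblk = 1; next }
        inblk && /^[ \t]*[}]/ { inblk = 0 }
        inblk && /^[ \t]*(\/\/|#)/ { next }
        inblk && match($0, /"[^"]+"/) { print substr($0, RSTART + 1, RLENGTH - 2) }
    ' "$1"
}

# security_origin_enabled FILE: succeed only if an active origin ends in
# "-security", i.e. the edit did not disable security updates.
security_origin_enabled() {
    active_origins "$1" | grep -q -- '-security$'
}

# write_sample FILE: constructed sample modelled on the Ubuntu-style layout.
write_sample() {
    cat > "$1" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
};
EOF
}
```

On a real host, pass /etc/apt/apt.conf.d/50unattended-upgrades as FILE; running unattended-upgrade --dry-run --debug afterwards shows what the edited file would select without installing anything.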

Reference: “Enabling automatic security updates on Linux” posted by Starline,

PXE Boot basic overview

Server prerequisites: Windows Server; DHCP server automatically assigning IP addresses (ensure Options 66 and 67 are set properly); TFTP server for boot images; network switches/routers for PXE boot traffic.

Client prerequisites: Ensure the network interface card (NIC) supports PXE booting; enable network boot in BIOS/UEFI, with priority set to network booting.

Process flow:

On client startup, the computer will request the following through the network card:

  1. A network IP address
  2. A TFTP server address, in order to pull the initial boot file instructions
  3. Bootfile (NBP – Network Bootstrap Program) download, which may be a minimal loader or script for imaging
  4. The bootfile can initiate the OS install, additional scripts, or connection to a management console.

Network security settings: Firewall settings may need to be updated to allow DHCP and TFTP traffic. The PXE boot environment may need to be updated for enhanced security. Tightening up security may involve isolating PXE traffic in its own VLAN, using UEFI Secure Boot if/when possible, applying MAC filters, and updating the DHCP server Access Control List.
