You read the post Introducing Linux Certifications, and you decided that you need to learn Linux.
You followed the steps in the post 7 easy steps to install Ubuntu on a VM and installed Ubuntu on a VM or on your laptop/desktop.
You heard a lot about hackers and security breaches that take place daily. You are a cautious person and you treat security with utmost seriousness.
Now you ask yourself how to keep your Ubuntu machine up to date with the latest software and for how long you will receive security updates from Canonical, the company that develops and publishes Ubuntu.
Table of Contents
In this post, I will share with you the steps you need to take in order to update Ubuntu and install the latest software available in Ubuntu repositories. I will also show you how you can increase the security coverage of your Ubuntu OS from 5 years to 10 years.
My assumption is that you run an Ubuntu LTS version. LTS stands for Long Term Support.
Canonical releases Ubuntu LTS every 2 years. The latest LTS version is Ubuntu 22.04.
How to check the Ubuntu version
In order to check the Ubuntu version installed on your machine, run the following command.
petru@ubuntu-dev:~$ cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.2 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.2 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="https://www.ubuntu.com/"
SUPPORT_URL="https://help.ubuntu.com/"
BUG_REPORT_URL="https://bugs.launchpad.net/ubuntu/"
PRIVACY_POLICY_URL="https://www.ubuntu.com/legal/terms-and-policies/privacy-policy"
UBUNTU_CODENAME=jammy
petru@ubuntu-dev:~$
To find and read more about Ubuntu releases, take a look at this page.
How to update the software running on Ubuntu
It is best practice to always check for updates and install the latest packages, which usually contain security improvements and bug fixes.
In Ubuntu it is pretty easy to check for updates. You need to use the apt packet manager and run the following commands. The first command, apt-get update or apt update, retrieves the newest list of packages from the repositories.
petru@ubuntu-dev:~$ sudo apt-get update
[sudo] password for petru:
Hit:1 http://gb.archive.ubuntu.com/ubuntu jammy InRelease
Hit:2 http://gb.archive.ubuntu.com/ubuntu jammy-updates InRelease
Hit:3 http://security.ubuntu.com/ubuntu jammy-security InRelease
Hit:4 http://gb.archive.ubuntu.com/ubuntu jammy-backports InRelease
Reading package lists... Done
petru@ubuntu-dev:~$
The second command that you need to run is apt-get upgrade or apt upgrade. This command performs the upgrades of the installed software. When asked, press the Y key.
petru@ubuntu-dev:~$ sudo apt-get upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
fakeroot javascript-common libalgorithm-diff-perl libalgorithm-diff-xs-perl libalgorithm-merge-perl libasan6
libc-dev-bin libc-devtools libcc1-0 libcrypt-dev libdpkg-perl libfakeroot libfile-fcntllock-perl libitm1
libjs-jquery libjs-sphinxdoc libjs-underscore liblsan0 libnsl-dev libquadmath0 libtirpc-dev libtsan0 libubsan1
lto-disabled-list manpages-dev rpcsvc-proto
Use 'sudo apt autoremove' to remove them.
The following packages have been kept back:
gnome-remote-desktop libegl-mesa0 libgbm1 libgl1-mesa-dri libglapi-mesa libglx-mesa0 libxatracker2
linux-generic-hwe-22.04 linux-headers-generic-hwe-22.04 linux-image-generic-hwe-22.04 mesa-vulkan-drivers
tzdata
The following packages will be upgraded:
alsa-ucm-conf apparmor apport apport-gtk bind9-dnsutils bind9-host bind9-libs distro-info-data dnsmasq-base
gdm3 ghostscript ghostscript-x gir1.2-gdm-1.0 gnome-settings-daemon gnome-settings-daemon-common
grub-efi-amd64-bin grub-efi-amd64-signed im-config libapparmor1 libfprint-2-2 libgdm1 libgs9 libgs9-common
libldap-2.5-0 libldap-common libldb2 liblouis-data liblouis20 libnetplan0 libnss-systemd libpam-systemd
libpulse-mainloop-glib0 libpulse0 libpulsedsp libsmbclient libsnmp-base libsnmp40 libsystemd0 libudev1
libwbclient0 linux-firmware netplan.io pulseaudio pulseaudio-module-bluetooth pulseaudio-utils python3-apport
python3-ldb python3-louis python3-problem-report python3-tz samba-libs shim-signed sudo systemd systemd-oomd
systemd-sysv systemd-timesyncd thermald thunderbird thunderbird-gnome-support thunderbird-locale-en
thunderbird-locale-en-gb thunderbird-locale-en-us udev update-notifier update-notifier-common vim vim-common
vim-runtime vim-tiny xserver-common xserver-xephyr xserver-xorg-core xserver-xorg-legacy xwayland xxd
76 upgraded, 0 newly installed, 0 to remove and 12 not upgraded.
Need to get 269 MB/359 MB of archives.
After this operation, 30.9 MB of additional disk space will be used.
Do you want to continue? [Y/n]
The above action should be carried out as often as possible.
Next, I will show you how to increase the security coverage from 5 years to 10 years.
Check if you have an Ubuntu Pro subscription
To check for how long you will receive the security updates, run the below command.
petru@ubuntu-dev:~$ pro security-status
1709 packages installed:
1696 packages from Ubuntu Main/Restricted repository
13 packages from Ubuntu Universe/Multiverse repository
To get more information about the packages, run
pro security-status --help
for a list of available options.
This machine is receiving security patching for Ubuntu Main/Restricted
repository until 2027.
This machine is NOT attached to an Ubuntu Pro subscription.
Ubuntu Pro with 'esm-infra' enabled provides security updates for
Main/Restricted packages until 2032.
Ubuntu Pro with 'esm-apps' enabled provides security updates for
Universe/Multiverse packages until 2032.
Try Ubuntu Pro with a free personal subscription on up to 5 machines.
Learn more at https://ubuntu.com/pro
petru@ubuntu-dev:~$
As you can see, my machine will receive updates until 2027.
Create an Ubuntu Account
In order to increase the security coverage for your Ubuntu machine from 5 to 10 years, you need to apply for a Ubuntu Subscription.
If you do not have an Ubuntu account, you will need to create one. Follow the steps and fill up the form here: https://login.ubuntu.com/ .
Get Ubuntu Pro
Ubuntu Pro is free for personal use. Anyone can use Ubuntu Pro for free on up to 5 machines.
Open the link and get Ubuntu Pro.
Attach the subscription to your machine
After creating the Ubuntu account and registering for Ubuntu Pro, you need to attach the subscription to your machine.
petru@ubuntu-dev:~$ pro attach --help
usage: pro attach <token> [flags]
Attach this machine to Ubuntu Pro with a token obtained from:
https://ubuntu.com/pro
When running this command without a token, it will generate a short code
and prompt you to attach the machine to your Ubuntu Pro account using
a web browser.
positional arguments:
token token obtained for Ubuntu Pro authentication: https://auth.contracts.canonical.com
Flags:
-h, --help show this help message and exit
--no-auto-enable do not enable any recommended services automatically
--attach-config ATTACH_CONFIG
use the provided attach config file instead of passing the token on the cli
--format {cli,json} output enable in the specified format (default: cli)
petru@ubuntu-dev:~$
You need to run a similar command. You can find the token in your Ubuntu account.
petru@ubuntu-dev:~$ sudo pro attach [Your_Token]
[sudo] password for petru:
Enabling default service esm-apps
Updating package lists
Ubuntu Pro: ESM Apps enabled
Enabling default service esm-infra
Updating package lists
Ubuntu Pro: ESM Infra enabled
Enabling default service livepatch
Installing canonical-livepatch snap
Canonical livepatch enabled.
Unable to determine current instance-id
This machine is now attached to 'Ubuntu Pro - free personal subscription'
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes enabled Canonical Livepatch service
realtime-kernel yes disabled Ubuntu kernel with PREEMPT_RT patches integrated
NOTICES
Operation in progress: pro attach
Enable services with: pro enable <service>
Account: petregmd@gmail.com
Subscription: Ubuntu Pro - free personal subscription
petru@ubuntu-dev:~$
Confirm that the subscription Ubuntu Pro is enabled
Now, you can check if the subscription was applied successfully. Run the following command on your machine.
petru@ubuntu-dev:~$ pro status
SERVICE ENTITLED STATUS DESCRIPTION
esm-apps yes enabled Expanded Security Maintenance for Applications
esm-infra yes enabled Expanded Security Maintenance for Infrastructure
livepatch yes enabled Canonical Livepatch service
realtime-kernel yes disabled Ubuntu kernel with PREEMPT_RT patches integrated
Enable services with: pro enable <service>
Account: petregmd@gmail.com
Subscription: Ubuntu Pro - free personal subscription
Find out for how long you will receive the security updates
If you want to find out for how long you will receive security updates for your Ubuntu machine, run the following command.
petru@ubuntu-dev:~$ pro security-status
1709 packages installed:
1696 packages from Ubuntu Main/Restricted repository
13 packages from Ubuntu Universe/Multiverse repository
To get more information about the packages, run
pro security-status --help
for a list of available options.
This machine is attached to an Ubuntu Pro subscription.
Main/Restricted packages are receiving security updates from
Ubuntu Pro with 'esm-infra' enabled until 2032.
Universe/Multiverse packages are receiving security updates from
Ubuntu Pro with 'esm-apps' enabled until 2032.
petru@ubuntu-dev:~$
I hope you find this post useful. Share it on your social media channels so that other people can read it too.