Update Ubuntu Linux Software Using Command Line?

I have the latest version of Ubuntu Linux LTS server. How do I update Ubuntu Linux for security and application fix/upgrades using ssh command line? How can I install updates via command line option?

Ubuntu Linux server – Install updates via apt-get command line

The commands are as follows:

  1. apt-get update: Update is used to resynchronize the package index files from their sources on Ubuntu Linux via the Internet.
  2. apt-get upgrade: Upgrade is used to install the newest versions of all packages currently installed on the Ubuntu system.
  3. apt-get install package-name: Install is followed by one or more packages desired for installation. If package is already installed it will try to update to latest version.

First, open the Terminal application and type following two commands (Application > Accessories > Terminal).

Get updated software list for Ubuntu, enter:

$ sudo apt-get update
$ sudo apt-get upgrade

Please note that above two commands will fetch files from the Internets or local mirrors. The location of update pages is specified in /etc/apt/sources.list (repositories). You need NOT make any changes to this file until and unless you need extra repositories for your setup.

INSTALL KERNEL UPDATES ON A UBUNTU LTS SERVER

Type the following apt-get command:

$ sudo apt-get dist-upgrade

The dist-upgrade in addition to performing the function of upgrade, also intelligently handles changing dependencies with new versions of packages; apt-get has a “smart” conflict resolution system, and it will attempt to upgrade the most important packages at the expense of less important ones if necessary. So, dist-upgrade command may remove some packages. The /etc/apt/sources.list file contains a list of locations from which to retrieve desired package files.

Proxmox Standalone Instances

INTRODUCTION

This is (already) the third blog post about Proxmox, and it’s what about you could do on standalone Proxmox instances.
When you don’t use Proxmox clustering features, you may want to stop some running services, polluting your system logs.

This has to be considered very experimental and don’t expect replication nor high-availability functionalities to work once you have disabled these services. 

THE PROCEDURE

systemctl disable –now pve-ha-crm.service
systemctl disable –now pve-ha-lrm.service
systemctl disable –now pvesr.timer
systemctl disable –now corosync.service

Supermicro ipmi port forwarding

The first ports you have to allow are of course TCP 80 and 443 for web management interface. Almost all IPMI implementations have it and quite often it’s the interface with the most features. For example, Supermicro’s implementation only allows BIOS update and port number changes over web interface. This interface unfortunately stops just short of allowing console access.

To get access via IPMI tool (I use Supermicro’s IPMI View) you need to have UDP port 623 allowed through. This will allow logging into the IPMI interface and seeing machine’s status. Unfortunately, this too stops short of console access.

The key to the console (aka KVM) access is in TCP ports 3520 and 5900. These will allow you to see and type into. And only if you ever ran IPMI in nonrestrictive network would you notice something missing.

The missing piece is the menu, allowing you to mount virtual media and similar. For this you need to enable TCP port 623. This will finally allow full control over the hardware.

It’s a bit of annoyance that so many ports are needed but in general this doesn’t present the problem. Unless there are special circumstances, you shouldn’t access IPMI from the outside via port forwarding. What you should do is use VPN and then use IPMI via it.

Streaming HLS and MPEG-DASH from behind reverse proxy

There are use cases when a media streamer is putting Nimble Streamer media server behind the reverse proxy. This is usually done for security reasons and works pretty good.

But there is a side effect of this solution. For each connection, Nimble Streamer gets the IP of the proxy instead of IP of the viewer. This means that geo-location reporting for HLS and other HTTP protocols would be shown incorrectly. Also, WMSPanel hotlinking protection and geo-lock will not work since it’s based on IP as well.

For HTTP-based protocols like HLS, MPEG-DASH, SmoothStreaming and Progressive download this can be solved via processing X-Forwarded-For header.

We’ve recently added processing capability option to handle this HTTP header in Nimble Streamer. You need to follow these easy steps.

1. Open Nimble Streamer configuration file called /etc/nimble/nimble.conf and add the following parameter:

cdn_origin = true

2. Restart Nimble.
For Debian/Ubuntu run:

sudo service nimble restart

For Red Hat Enterprise Linux 6 / CentOS 6 run:

sudo service nimble start

That’s it. Nimble Streamer will be obtaining customers’ IP addresses correctly.

How to enable/disable firewall on Ubuntu 18.04 Bionic Beaver Linux

Objective

The objective is to show how to enable or disable firewall on Ubuntu 18.04 Bionic Beaver Linux

Check a current firewall status

$ sudo ufw status
[sudo] password for linuxconfig: 
Status: inactive

Enable Firewall

To enable firewall execute:

$ sudo ufw enable
Command may disrupt existing ssh connections. Proceed with operation (y|n)? y
Firewall is active and enabled on system startup

Firewall, is now enabled:

$ sudo ufw status
Status: active

Disable Firewall

UFW is quite intuitive to use. To disable firewall execute:

$ sudo ufw disable
Firewall stopped and disabled on system startup

Confirm the firewall status:

$ sudo ufw status
Status: inactive

Remove Proxmox 6.0/5.1+ Subscription Notice

With the release of Proxmox 5.1 and newer (including 6.0) you’ll find the code related to the no subscription message that pops up on login has changed and prior instructions for removing it wont work.

To remove “You do not have a valid subscription for this server” run the command bellow. You will need to SSH to your Proxmox machine or use the node console through the PVE web interface.

Run the following one line command and then clear your browser cache (depending on the browser you may need to open a new tab or restart the browser):

sed -i.bak "s/data.status !== 'Active'/false/g" /usr/share/javascript/proxmox-widget-toolkit/proxmoxlib.js && systemctl restart pveproxy.service

Here are alternative step by step instructions so you can understand what the above command is doing:

  • Change to working directory
    cd /usr/share/javascript/proxmox-widget-toolkit
  • Make backup of file
    cp proxmoxlib.js proxmoxlib.js.bak
  • Edit the file
    nano proxmoxlib.js
  • Locate this line of code inside the file (use ctrl+w in nano)
    if (data.status !== 'Active') {
  • Replace it with this
    if (false) {
  • Restart the Proxmox service (also be sure to clear your browser cache, depending on the browser you may need to open a new tab or restart the browser)
    systemctl restart pveproxy.service