How to list number of updates and security updates available from command line on Ubuntu
Abstract: this command should be run after apt update. If any update is it would show you how many packages can be updated and mentioned command to show you whi
In this article, I will show you how to list the number of package updates available for install from the command line on Linux systems. I have used following tools apt, apt-get, aptitude, yum, apt-check script and apticron to list updates.
Using apt command (above Ubuntu 14.04)Since ubuntu 14.04 we have a new command called "apt". The following command will list out all the packages that you can update, what their current versions are, and what the new version is.
sudo apt list --upgradable
Listing... Done
gnupg/stable 1.4.18-7+deb8u2 amd64 [upgradable from: 1.4.18-7+deb8u1]
gpgv/stable 1.4.18-7+deb8u2 amd64 [upgradable from: 1.4.18-7+deb8u1]
libgcrypt20/stable 1.6.3-2+deb8u2 amd64 [upgradable from: 1.6.3-2+deb8u1]
libidn11/stable 1.29-1+deb8u2 amd64 [upgradable from: 1.29-1+deb8u1]
linux-image-3.16.0-4-amd64/stable 3.16.36-1+deb8u1 amd64 [upgradable from: 3.16.7-ckt25-2+deb8u3]
Usually, this command should be run after apt update. If any update is it would show you how many packages can be updated and mentioned command to show you which packages can be upgraded.
Using apt-get CommandI have listed few options of apt-get command to list available packages for upgrade.
apt-get upgrade --dry-run
[sudo] password for user:
Reading package lists... Done
Building dependency tree
Reading state information... Done
Calculating upgrade... Done
The following packages were automatically installed and are no longer required:
libsqlite0 pgdg-keyring
Use 'apt-get autoremove' to remove them.
The following packages have been kept back:
linux-generic linux-headers-generic linux-image-generic
The following packages will be upgraded:
apparmor apport apt apt-transport-https apt-utils base-files bash bind9-host
libapt-inst1.5 libapt-pkg4.12 libbind9-90 libblkid1 libc-bin libc-dev-bin
libc6 libc6-dev libcairo-gobject2 libcairo-script-interpreter2 libcairo2
libcairo2-dev libcgmanager0 libcomerr2 libcurl3-gnutls libdbus-1-3
libdbus-1-dev libdns100 libdrm-intel1 libdrm-nouveau2 libdrm-radeon1 libdrm2
...
python-software-properties python-urllib3 python3-apport python3-apt
python3-distupgrade python3-problem-report rsyslog systemd-services tcpdump
util-linux uuid-runtime wget wpasupplicant x11-common x11proto-core-dev
xtrans-dev
161 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.
Inst base-files [7.2ubuntu5.1] (7.2ubuntu5.2 Ubuntu:14.04/trusty-updates [amd64])
Conf base-files (7.2ubuntu5.2 Ubuntu:14.04/trusty-updates [amd64])
Inst bash [4.3-7ubuntu1.4] (4.3-7ubuntu1.5 Ubuntu:14.04/trusty-updates [amd64])
...
Note that the --dry-run allow us to see list of files/packages that will be upgraded but no changes will be made.
Here are the simulate options available --just-print, -s, --simulate, , --dry-run, --recon, --no-act
Few examples
# apt-get -s dist-upgrade | grep "^[[:digit:]]\+ upgraded"
87 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
# apt-get -s dist-upgrade | grep -Po "^[[:digit:]]+ (?=upgraded)"
87
# apt-get dist-upgrade -s --quiet=2 | grep ^Inst | wc -l
87
Using aptitude Command
To get from "aptitude" command, use the below command to get the list of packages ready for the upgrade. Some versions of aptitude don't require to use single quotes before and after ~U.
aptitude search '~U'
...
i scudcloud - ScudCloud is a non official desktop client for Slack
i shim-signed - Secure Boot chain-loading bootloader (Microsoft-signed binary)
i smbclient - command-line SMB/CIFS clients for Unix
i strongswan - IPsec VPN solution metapackage
i A strongswan-ike - strongSwan Internet Key Exchange (v2) daemon
i A strongswan-plugin-openssl - strongSwan plugin for OpenSSL
i A strongswan-starter - strongSwan daemon starter and configuration file parser
i sudo - Provide limited super user privileges to specific users
...
Note: that it doesn't search online, only local in your system.
How to check using apt-check scriptI was able to get neat output on ubuntu 14.04 using this script.
# /usr/lib/update-notifier/apt-check -p
bind9-host
python3-problem-report
liblwres90
linux-headers-generic
libdns100
libisccfg90
...
# /usr/lib/update-notifier/apt-check --human-readable
33 packages can be updated.
30 updates are security updates.
Yum is a software package manager that installs, updates, and removes packages on RPM-based systems. It automatically computes dependencies and figures out what things should occur to install packages. To list updates that are available for the installed packages:
yum list updates
Loaded plugins: fastestmirror, refresh-packagekit, security
Loading mirror speeds from cached hostfile
* base: centos.hyve.com
* epel: mirrors.coreix.net
* extras: centos.hyve.com
* rpmforge: www.mirrorservice.org
* updates: mirror.sov.uk.goscomb.net
kernel.x86_64 2.6.32-504.3.3.el6
...
Next utility is up2date. This utility downloads packages from RHN (Red Hat Network) and installs them on your system. The advantage of using up2date to update/install packages is that it automatically resolves dependencies and downloads any additional packages that you may need. It has -l option to show you what package updates are available for download and installing the same.
up2date -l
Apticron tool - Email you the update list
If you need your machine to automatically alert you when new packages are available - apticron might be just the package you are looking for. Apticron is a simple shell script that is called from cron once a day. But you need to install it first:
sudo apt-get install apticron
and configure:
vim /etc/apticron/apticron.conf
EMAIL="[email protected]"
Now apticron will send emails once a day when there are new packages available. A sample of an email looks like this:
apticron report [Mon, 10 Jul 2017 10:42:01 -0800] ======================================================================== apticron has detected that some packages need upgrading on: [ 1.2.3.4 ] The following packages are currently pending an upgrade: xfree86-common 4.3.0.dfsg.1-14sarge3 libice6 4.3.0.dfsg.1-14sarge3 libsm6 4.3.0.dfsg.1-14sarge3 xlibs-data 4.3.0.dfsg.1-14sarge3 libx11-6 4.3.0.dfsg.1-14sarge3 libxext6 4.3.0.dfsg.1-14sarge3 libxpm4 4.3.0.dfsg.1-14sarge3 ======================================================================== Package Details: Reading changelogs... --- Changes for xfree86 (xfree86-common libice6 libsm6 xlibs-data libx11-6 libxext6 libxpm4) --- xfree86 (4.3.0.dfsg.1-14sarge3) stable-security; urgency=high * Non-maintainer update by the Security Team: Fixes several vulnerabilities reported by iDefense (CVE-2006-6101, CVE-2006-6102, CVE-2006-6103) -- Moritz Muehlenhoff Sun, 9 Jul 2017 13:31:35 +0000 ======================================================================== You can perform the upgrade by issuing the command: apt-get dist-upgrade as root on faustus.example.com It is recommended that you simulate the upgrade first to confirm that the actions that would be taken are reasonable. The upgrade may be simulated by issuing the command: apt-get -s dist-upgrade -- apticron
Keeping your computer's software up to date is the single most important task for protecting your system. Ubuntu can alert you to pending updates, and also be configured to apply updates automatically. Please note that updates may restart services on your server, so this may not be appropriate for all environments.