Linux server updating for dummies?

[templar]

I have a contract where as part of my duties involve maintaining 5 different Linux servers (both Ubuntu and CentOS). An unwritten aspect of my duties is to periodically educate some people there about certain technical topics. This month's topic has to do with the updating of their Linux servers. For over two years I've been quietly updating the servers almost on a daily basis. As these servers are remote, I'd ssh in and do what I needed to do.

Now all of a sudden, someone there is wanting me to document the updates and how the updates might affect our software before I apply them, etc etc. Tell me if I am wrong, but I have explained to them this is not a reasonable request. However, one person in particular with a big business mainframe mentality can be very stubborn about things such as this. So I could use a little help.

If someone can direct me to a document or article explaining in non technical terms what the common practices are for updating and/or maintaining a Linux server I would greatly appreciate it. (If only a technical document is available, I'll take it.) I was hoping to find a "Linux Journal" type of article, but have been unsuccessful in finding such a thing. My goal is to have a reference that I can pass to my contract that can be read and understood by someone with very limited Linux systems knowledge.

[BigEasy]

Tell me if I am wrong, but I have explained to them this is not a reasonable request.

Request reasonable. You are wrong.

[templar]

Tell me if I am wrong, but I have explained to them this is not a reasonable request.

Request reasonable. You are wrong.

I would appreciate some help. We receive all of our updates from the distribution's repository. For example, on one of our servers, if I run:

apt-get update ; apt-get -u upgrade

I will receive this output:

Code: Select all

The following packages have been kept back:
  linux-generic linux-headers-generic linux-headers-virtual
  linux-image-generic linux-image-virtual linux-virtual
The following packages will be upgraded:
  cloud-init grub-legacy-ec2 libcgmanager0 libgudev-1.0-0 libpam-systemd
  libpq5 libpython3.4-minimal libpython3.4-stdlib libsystemd-daemon0
  libsystemd-login0 libudev1 oracle-java8-installer oracle-java8-set-default
  python-urllib3 python3-distupgrade python3-software-properties
  python3-update-manager python3.4 python3.4-minimal
  software-properties-common systemd-services tzdata
  ubuntu-release-upgrader-core udev update-manager-core
25 upgraded, 0 newly installed, 0 to remove and 6 not upgraded.
Need to get 5,641 kB of archives.
After this operation, 9,216 B disk space will be freed.

How do I document what these updates will do, and how do I document how they will affect our software? The only software we are running is Jitterbit Server (a Java based product). The rest all comes from the Linux server's distribution?

If you can tell me what and how to document something like this I would appreciate it.

[BigEasy]

Question was how "document the updates and how the updates might affect our software before I apply them" ?
1.Document the updates. Just print output of apt-get on paper
2. might affect our software. You know how? Is you know then write document about it.
3. before I apply them. Test server must exists.

[Ark987]

I have a contract where as part of my duties involve maintaining 5 different Linux servers (both Ubuntu and CentOS). An unwritten aspect of my duties is to periodically educate some people there about certain technical topics. This month's topic has to do with the updating of their Linux servers. For over two years I've been quietly updating the servers almost on a daily basis. As these servers are remote, I'd ssh in and do what I needed to do.

Now all of a sudden, someone there is wanting me to document the updates and how the updates might affect our software before I apply them, etc etc. Tell me if I am wrong, but I have explained to them this is not a reasonable request. However, one person in particular with a big business mainframe mentality can be very stubborn about things such as this. So I could use a little help.

If someone can direct me to a document or article explaining in non technical terms what the common practices are for updating and/or maintaining a Linux server I would greatly appreciate it. (If only a technical document is available, I'll take it.) I was hoping to find a "Linux Journal" type of article, but have been unsuccessful in finding such a thing. My goal is to have a reference that I can pass to my contract that can be read and understood by someone with very limited Linux systems knowledge.

Maybe you could implement a vulnerability management process, that will give you a report about OS patches, but you may need to get a software tool for that:
https://www.sans.org/reading-room/white ... cess-34180

For CentOS systems I created a script to generate an HTML and send me the following before each update cycle:

• Installed packages
• Pending updates
• The last 3 change logs entries for each pending update package
• Cleanup the cached packages older than 3 months (by default CentOS does not retain the downloaded packages but I activated it)

You could use a regular expressions to search between the change log for any CVE-XXX entries, and that could be the key information of your report. Be creative use your imagination.
Maybe you could ask which information are they expecting from such reports so you don't put too much nor too little.

[templar]

Ark987 thank you for taking the time to respond. Your suggestions were good and very helpful.