security updates with vestacp (topic is solved)
hi guys,
I'm running happily 2 servers with vestaCP (1.0.0) onboard
I was wondering if there is or if you've come up with any recommendations on how to handle security updates
I tend to update my servers by getting the security mainstream channel instead of upgrading them
this is what it looks like on one of the main vestaCP servers:
I do not want to mess vesta packages up and that's why I'm asking if you have gotten the same experience
Code:
apt list --upgradable | grep "bionic-security"
busybox-initramfs/bionic-updates,bionic-security 1:1.27.2-2ubuntu3.4 amd64 [upgradable from: 1:1.27.2-2ubuntu3.3]
busybox-static/bionic-updates,bionic-security 1:1.27.2-2ubuntu3.4 amd64 [upgradable from: 1:1.27.2-2ubuntu3.3]
imagemagick/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
imagemagick-6-common/bionic-updates,bionic-updates,bionic-security,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 all [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
imagemagick-6.q16/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libglib2.0-0/bionic-updates,bionic-security 2.56.4-0ubuntu0.18.04.9 amd64 [upgradable from: 2.56.4-0ubuntu0.18.04.8]
libglib2.0-data/bionic-updates,bionic-updates,bionic-security,bionic-security 2.56.4-0ubuntu0.18.04.9 all [upgradable from: 2.56.4-0ubuntu0.18.04.8]
libmagickcore-6.q16-3/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libmagickcore-6.q16-3-extra/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libmagickwand-6.q16-3/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libpython3.6/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
libpython3.6-minimal/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
libpython3.6-stdlib/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
libseccomp2/bionic-updates,bionic-security 2.5.1-1ubuntu1~18.04.2 amd64 [upgradable from: 2.5.1-1ubuntu1~18.04.1]
linux-generic/bionic-updates,bionic-security 4.15.0.166.155 amd64 [upgradable from: 4.15.0.162.151]
linux-headers-generic/bionic-updates,bionic-security 4.15.0.166.155 amd64 [upgradable from: 4.15.0.162.151]
linux-image-generic/bionic-updates,bionic-security 4.15.0.166.155 amd64 [upgradable from: 4.15.0.162.151]
linux-libc-dev/bionic-updates,bionic-security 4.15.0-166.174 amd64 [upgradable from: 4.15.0-162.170]
python3.6/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
python3.6-minimal/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
I was thinking of locking down vesta-* versions or something like that
any thought would be appreciated
thank you
Re: security updates with vestacp
I use CentOS, so for OS updates I leave it to the yum-cron service to check and apply the new packages.
When the Kernel is updated, I reboot the server.
In the case of Vesta, I disable auto-update, because I prefer to do tests first - on a test server - before applying to production servers.
The last Vesta update (0.9.8 -> 1.0.0) was very problematic and I am now adopting this policy.
Re: security updates with vestacp
hey sandro,
thanks for getting back to me
I will use a combination of our approaches in terms of updates
I do like the idea to disable vestaCP updates and I will also make sure that the machine will get only security updates as long as they are going to be available
this balance should give me a good compromise in terms of security and stability
hope this thread will help anyone who is interested in creating efficient ways to handle our vestaCP servers
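Added example, not part of any post in this thread: one way to script the policy the thread settles on for the Ubuntu server shown above, holding the `vesta*` packages and upgrading only packages whose candidate version comes from the `-security` pocket. The function names, the sample listing's last two lines and the `vesta*` name pattern (taken from the "vesta-*" wording above) are assumptions.

```shell
#!/bin/sh
# Constructed sample of `apt list --upgradable` output: lines 2-3 are copied
# from the post above, the last two are made up for illustration.
SAMPLE='Listing...
libseccomp2/bionic-updates,bionic-security 2.5.1-1ubuntu1~18.04.2 amd64 [upgradable from: 2.5.1-1ubuntu1~18.04.1]
imagemagick-6-common/bionic-updates,bionic-updates,bionic-security,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 all [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
examplepkg/bionic-updates 1.2-3 amd64 [upgradable from: 1.2-2]
vesta-example/bionic 1.0.1 amd64 [upgradable from: 1.0.0]'

# Reads `apt list --upgradable` text on stdin and prints the names of packages
# whose candidate version is published in "<release>-security", skipping
# anything named vesta*. $1 is the release codename (e.g. bionic).
security_upgrades() {
    awk -v sec="$1-security" '
        index($1, "/") == 0 { next }          # "Listing..." and blank lines
        {
            split($1, parts, "/")             # parts[1]=name, parts[2]=suites
            if (parts[1] ~ /^vesta/) next     # leave the panel packages alone
            n = split(parts[2], suites, ",")
            for (i = 1; i <= n; i++)
                if (suites[i] == sec) { print parts[1]; break }
        }'
}

# Puts every vesta* package known to dpkg on hold, so that a plain
# `apt upgrade` does not move the panel to a new version.
hold_vesta() {
    dpkg-query -W -f='${Package}\n' 'vesta*' 2>/dev/null | xargs -r apt-mark hold
}

# Real run (as root): hold the panel, then upgrade only the security set.
apply_security_only() {
    hold_vesta
    apt list --upgradable 2>/dev/null | security_upgrades "$(lsb_release -cs)" \
        | xargs -r apt-get install --only-upgrade -y
}

# Dry run on the constructed sample; prints libseccomp2 and imagemagick-6-common.
printf '%s\n' "$SAMPLE" | security_upgrades bionic
```

`apt-mark unhold` releases the hold once a Vesta update has been tested on a separate server, as the reply above describes.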