security updates with vestacp

Posted: Wed May 11, 2022 11:26 am
by starase
hi guys,
I'm running happily 2 servers with vestaCP (1.0.0) onboard
I was wondering if there is or if you've come up with any recommendations on how to handle security updates
I tend to update my servers by getting the security mainstream channel instead of upgrading them
this is what it looks like on one of the main vestaCP servers:

Code:

apt list --upgradable | grep "bionic-security"

busybox-initramfs/bionic-updates,bionic-security 1:1.27.2-2ubuntu3.4 amd64 [upgradable from: 1:1.27.2-2ubuntu3.3]
busybox-static/bionic-updates,bionic-security 1:1.27.2-2ubuntu3.4 amd64 [upgradable from: 1:1.27.2-2ubuntu3.3]
imagemagick/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
imagemagick-6-common/bionic-updates,bionic-updates,bionic-security,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 all [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
imagemagick-6.q16/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libglib2.0-0/bionic-updates,bionic-security 2.56.4-0ubuntu0.18.04.9 amd64 [upgradable from: 2.56.4-0ubuntu0.18.04.8]
libglib2.0-data/bionic-updates,bionic-updates,bionic-security,bionic-security 2.56.4-0ubuntu0.18.04.9 all [upgradable from: 2.56.4-0ubuntu0.18.04.8]
libmagickcore-6.q16-3/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libmagickcore-6.q16-3-extra/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libmagickwand-6.q16-3/bionic-updates,bionic-security 8:6.9.7.4+dfsg-16ubuntu6.12 amd64 [upgradable from: 8:6.9.7.4+dfsg-16ubuntu6.11]
libpython3.6/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
libpython3.6-minimal/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
libpython3.6-stdlib/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
libseccomp2/bionic-updates,bionic-security 2.5.1-1ubuntu1~18.04.2 amd64 [upgradable from: 2.5.1-1ubuntu1~18.04.1]
linux-generic/bionic-updates,bionic-security 4.15.0.166.155 amd64 [upgradable from: 4.15.0.162.151]
linux-headers-generic/bionic-updates,bionic-security 4.15.0.166.155 amd64 [upgradable from: 4.15.0.162.151]
linux-image-generic/bionic-updates,bionic-security 4.15.0.166.155 amd64 [upgradable from: 4.15.0.162.151]
linux-libc-dev/bionic-updates,bionic-security 4.15.0-166.174 amd64 [upgradable from: 4.15.0-162.170]
python3.6/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]
python3.6-minimal/bionic-updates,bionic-security 3.6.9-1~18.04ubuntu1.6 amd64 [upgradable from: 3.6.9-1~18.04ubuntu1.4]

I do not want to mess vesta packages up and that's why I'm asking if you have had the same experience
I was thinking of locking down vesta-* versions or something like that
any thought would be appreciated
thank you

Re: security updates with vestacp

Posted: Wed May 11, 2022 1:10 pm
by sandro
I use CentOS, so for OS updates I leave it to the yum-cron service to check and apply the new packages.

When the Kernel is updated, I reboot the server.

In the case of Vesta, I disable auto-update, because I prefer to do tests first - on a test server - before applying to production servers.

The last Vesta update (0.9.8 -> 1.0.0) was very problematic and I am now adopting this policy.

Re: security updates with vestacp

Posted: Sat Jun 18, 2022 3:25 pm
by starase
hey sandro,
thanks for getting back to me

I will use a combination of our approaches in terms of updates
I do like the idea of disabling vestaCP updates and I will also make sure that the machine will get only security updates as long as they are going to be available

this balance should give me a good compromise in terms of security and stability
hope this thread will help anyone who is interested in creating efficient ways to handle our vestaCP servers
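
The approach the thread settles on (upgrade only packages whose candidate is in the security pocket, and hold the panel's packages) written out as a shell script. This is an added example, not code from the thread or from the Vesta project; the function names and the `vesta` / `vesta-*` package name pattern are assumptions.

```shell
#!/usr/bin/env bash
# Added example. Assumption: panel packages are named "vesta" or "vesta-*".

# Reads `apt list --upgradable` output on stdin and prints the packages whose
# candidate version is published in <release>-security, minus excluded names.
security_upgrades() {
    local release="$1" exclude="${2:-}"
    [ -n "$exclude" ] || exclude='^vesta(-.*)?$'
    awk -v pocket="${release}-security" -v excl="$exclude" '
        index($1, "/") == 0 { next }      # "Listing..." header, blank lines
        {
            split($1, f, "/")             # f[1] = package, f[2] = pocket list
            n = split(f[2], pockets, ",")
            hit = 0
            for (i = 1; i <= n; i++) if (pockets[i] == pocket) hit = 1
            if (hit && f[1] !~ excl) print f[1]
        }'
}

# Holds the panel packages, then upgrades only the security selection.
apply_security_only() {
    local release
    release="$(lsb_release -cs)"
    dpkg-query -W -f='${Package}\n' 'vesta*' 2>/dev/null | xargs -r apt-mark hold
    apt list --upgradable 2>/dev/null | security_upgrades "$release" \
        | xargs -r apt-get install --only-upgrade -y
}

# Run as root with --apply; without it the script only defines the functions.
if [ "${1:-}" = "--apply" ]; then
    apply_security_only
fi
```

`apt-mark showhold` lists the packages currently held, which confirms the panel packages are pinned before the upgrade step runs.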