automatic_security_updates.sh
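#!/usr/bin/env bash
#
# Install security-only package updates and append the output to LOG_FILE.
#
# Supported systems: Debian/Ubuntu (apt-get), AlmaLinux / Oracle Linux / Rocky
# (dnf) and CentOS (yum). Must be run as root.
#
# docker* and containerd* packages are held / version-locked while the update
# runs and released afterwards, so this script never upgrades them. Security
# fixes for the container runtime therefore need their own planned update.
#
# Exit status: 1 when not root, on an unsupported OS, or when a package-manager
# update step failed; otherwise the status of the final `syschecks` call.

# CHECK IF USER HAS SUDO RIGHTS
# exit is its own statement: with `echo ... && exit 1` a failing echo (for
# example a closed stdout) would let a non-root run fall through.
if [[ ${EUID} != 0 ]]; then
  echo "Please run this script as root!" >&2
  exit 1
fi

# SET THE LOG CONFIG LOCATION
LOG_FILE=/var/log/automatic_security_updates.log

# Set to 1 as soon as an update step fails; evaluated at the end of the script.
update_failed=0

# Append this run's header to the log: two blank separator lines when the log
# already exists, then a timestamp marker.
start_log_section() {
  if [[ -f "${LOG_FILE}" ]]; then
    printf '\n\n' >>"${LOG_FILE}"
  fi
  echo "#_ $(date) _#" >>"${LOG_FILE}"
}

# Run a command with stdout and stderr shown on the terminal and appended to
# the log. Returns the command's own exit status; a plain `cmd | tee` reports
# tee's status and hides a failed update.
run_logged() {
  "$@" 2>&1 | tee -a "${LOG_FILE}"
  return "${PIPESTATUS[0]}"
}

# DETECT THE OS TYPE AND START THE UPGRADE
# Only the ID= and ID_LIKE= lines of os-release are consulted. An unanchored
# "ID=" pattern also matches keys such as VERSION_ID=, and it let the CentOS
# test succeed on AlmaLinux and Rocky (their ID_LIKE lists centos), so the dnf
# branch was not reached there. The exact-ID dnf test now runs before the
# CentOS-family test.
#
# Package-name patterns below are quoted so the package manager receives the
# pattern itself. Unquoted, the shell expands docker* against files in the
# current directory (e.g. docker-compose.yml) and passes file names instead.
#
# NOTE(review): releasing the holds/locks at the end also clears any hold an
# administrator had placed on these packages before the run.
if grep -Eq '^ID(_LIKE)?=.*(ubuntu|debian)' /etc/os-release; then
  # Keep only the sources.list lines that mention "security".
  grep -i security /etc/apt/sources.list >/etc/apt/security.sources.list
  # DOCKER UPDATES ARE LOCKED TO AVOID THE CONTAINER FAILURES
  apt-mark hold 'docker*'
  apt-mark hold 'containerd*'
  start_log_section
  # An empty list means no security entry was found in sources.list, e.g. when
  # the sources live only in files under /etc/apt/sources.list.d.
  if [[ ! -s /etc/apt/security.sources.list ]]; then
    echo "WARNING: no security entries found in /etc/apt/sources.list" |
      tee -a "${LOG_FILE}" >&2
  fi
  export DEBIAN_FRONTEND=noninteractive
  export APT_LISTCHANGES_FRONTEND=none
  run_logged apt-get update || update_failed=1
  # Dir::Etc::SourceList replaces sources.list only; files under
  # sources.list.d are still read, so the upgrade is not strictly limited to
  # the filtered list. --force-confdef/--force-confold keep existing
  # configuration files instead of prompting.
  run_logged apt-get --yes upgrade \
    -o Dir::Etc::SourceList=/etc/apt/security.sources.list \
    -o Dpkg::Options::="--force-confdef" \
    -o Dpkg::Options::="--force-confold" || update_failed=1
  # DOCKER UPDATES ARE ENABLED AGAIN AT THE END OF THE PROCESS
  apt-mark unhold 'docker*'
  apt-mark unhold 'containerd*'
elif grep -Eq '^ID="?(almalinux|ol|rocky)"?$' /etc/os-release; then
  dnf install -y python3-dnf-plugin-versionlock
  start_log_section
  # DOCKER UPDATES ARE LOCKED TO AVOID CONTAINER FAILURES
  run_logged dnf versionlock 'docker*'
  run_logged dnf versionlock 'docker-*'
  run_logged dnf versionlock 'containerd*'
  run_logged dnf updateinfo info security
  run_logged dnf -y update --security || update_failed=1
  # DOCKER UPDATES ARE ENABLED AGAIN AT THE END OF THE PROCESS
  run_logged dnf versionlock delete 'docker*'
  run_logged dnf versionlock delete 'docker-*'
  run_logged dnf versionlock delete 'containerd*'
  # SET THE LATEST KERNEL TO BOOT AUTOMATICALLY
  # NOTE(review): assumes menu entry 0 is the newest kernel and that the
  # active config is /boot/grub2/grub.cfg; confirm on UEFI installs.
  grub2-set-default 0
  grub2-mkconfig -o /boot/grub2/grub.cfg
  # grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
elif grep -Eq '^ID(_LIKE)?=.*centos' /etc/os-release; then
  yum install -y yum-plugin-versionlock
  start_log_section
  # DOCKER UPDATES ARE LOCKED TO AVOID CONTAINER FAILURES
  run_logged yum versionlock 'docker*'
  run_logged yum versionlock 'docker-*'
  run_logged yum versionlock 'containerd*'
  # UPDATE THE SYSTEM
  run_logged yum updateinfo info security
  run_logged yum -y update --security || update_failed=1
  # DOCKER UPDATES ARE ENABLED AGAIN AT THE END OF THE PROCESS
  run_logged yum versionlock delete 'docker*'
  run_logged yum versionlock delete 'docker-*'
  run_logged yum versionlock delete 'containerd*'
  # SET THE LATEST KERNEL TO BOOT AUTOMATICALLY
  # NOTE(review): assumes menu entry 0 is the newest kernel and that the
  # active config is /boot/grub2/grub.cfg; confirm on UEFI installs.
  grub2-set-default 0
  grub2-mkconfig -o /boot/grub2/grub.cfg
  # grub2-mkconfig -o /boot/efi/EFI/centos/grub.cfg
else
  echo "Sorry your OS is not yet supported!" >&2
  exit 1
fi

# NOTE(review): syschecks is not defined in this script; presumably an external
# tool whose cached update information is refreshed here. Confirm it is
# installed on every host that runs this script.
syschecks updates --cache-create
syschecks
syschecks_status=$?

# Surface a failed update to the caller (cron, monitoring) instead of letting
# the run look successful.
if ((update_failed)); then
  echo "ERROR: a security update step failed, see ${LOG_FILE}" |
    tee -a "${LOG_FILE}" >&2
  exit 1
fi
exit "${syschecks_status}"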