“UbuntuHelp:AutomaticSecurityUpdates/zh”的版本间的差异
来自Ubuntu中文
Dbzhang800(讨论 | 贡献) 小 |
|||
第1行: | 第1行: | ||
{{From|https://help.ubuntu.com/community/AutomaticSecurityUpdates}} | {{From|https://help.ubuntu.com/community/AutomaticSecurityUpdates}} | ||
{{Languages|UbuntuHelp:AutomaticSecurityUpdates}} | {{Languages|UbuntuHelp:AutomaticSecurityUpdates}} | ||
− | == | + | #title 自动进行安全更新 |
+ | === 简介 === | ||
+ | 这是一个简单的指导,它教你创建一个脚本或cron任务而获得本地或外部的安全更新,并安装,他会自动在后台执行。在运行一个没有超级版本时总会有安全隐患,但如果你认为这些对你无关,那么你能按照以下的指导。 | ||
+ | === 使用 apt.conf.d === | ||
+ | 当你在使用 GNOME ,在“系统”菜单,“系统管理”,“软件源”中,打开“更新”选项卡并选择“自动更新”,也把“安装安全更新时不需确认”。 | ||
+ | 你也可以通过命令行来配置 <code><nowiki>unattended-upgrades</nowiki></code> 包,简单的改变你的'''''/etc/apt/apt.conf.d/10periodic''''' : | ||
+ | <pre><nowiki> | ||
+ | APT::Periodic::Update-Package-Lists "1"; | ||
+ | APT::Periodic::Download-Upgradeable-Packages "1"; | ||
+ | APT::Periodic::AutocleanInterval "0"; | ||
+ | APT::Periodic::Unattended-Upgrade "1"; | ||
+ | </nowiki></pre> | ||
+ | 和 '''''/etc/apt/apt.conf.d/50unattended-upgrades''''': | ||
+ | <pre><nowiki> | ||
+ | // Automatically upgrade packages from these (origin, archive) pairs | ||
+ | Unattended-Upgrade::Allowed-Origins { | ||
+ | "Ubuntu intrepid-security"; | ||
+ | }; | ||
+ | </nowiki></pre> | ||
+ | https://help.ubuntu.com/community/IconsPage?action=AttachFile&do=get&target=IconNote.png '''Note:''' 使用这个方法需要你每次更新系统到新版本时都要修改 /etc/apt/apt.conf.d/10periodic 和 /etc/apt/apt.conf.d/50unattended-upgrades 。务必确认用当前系统的代号去替换 '''intrepid''' ! | ||
+ | === 使用 cron === | ||
+ | ==== 操作指南 ==== | ||
+ | 首先,按 Alt+F2 并创建一个新文件: | ||
+ | <pre><nowiki> | ||
+ | gksudo gedit /etc/cron.weekly/apt-security-updates | ||
+ | </nowiki></pre> | ||
+ | 如果你是用 KDE, 用下面的命令代替: | ||
+ | <pre><nowiki> | ||
+ | kdesudo kate /etc/cron.weekly/apt-security-updates | ||
+ | </nowiki></pre> | ||
+ | 复制以下文本到这个新文件,保存并退出: | ||
+ | <pre><nowiki> | ||
+ | #! /bin/sh | ||
+ | echo "**************" >> /var/log/apt-security-updates | ||
+ | date >> /var/log/apt-security-updates | ||
+ | aptitude update >> /var/log/apt-security-updates | ||
+ | aptitude safe-upgrade -o Aptitude::Delete-Unused=false --assume-yes --target-release `lsb_release -cs`-security >> /var/log/apt-security-updates | ||
+ | echo "Security updates (if any) installed" | ||
+ | </nowiki></pre> | ||
+ | 最近(从 Ubuntu 7.10 以来),不推荐使用 aptitude 的 'upgrade' 操作。有两中方法去升级,其中安全的一种(传统的,如果有一个更新需要添加或删除依赖,它将不更新)和另一种全部更新(它将总是升级,甚至添加它或删除它会影响到其他包的,之前称为'dist-upgrade' )。这些操作现在是'safe-upgrade' 或 'full-upgrade'。详细请查看 aptitude (<code><nowiki>man aptitude</nowiki></code>) 的帮助。 | ||
+ | 当你完成前面的步骤,你还要让这个文件有执行权限。在终端输入下面一行: | ||
+ | <pre><nowiki> | ||
+ | sudo chmod +x /etc/cron.weekly/apt-security-updates | ||
+ | </nowiki></pre> | ||
+ | ==== Post-Install Setup and Execution Information ==== | ||
+ | This script will run once weekly and it installs all available packages from the security repository. It also generates a log in ~-/var/log/apt-security-updates-~ for later inspection in case something goes wrong. | ||
+ | This script will output information to a log file, so to prevent this log file from getting too large we need to make sure it gets rotated out. To do this, we'll use the ~-logrotate-~ utility, which comes with Ubuntu. Press Alt+F2 and type this command: | ||
+ | <pre><nowiki> | ||
+ | gksudo gedit /etc/logrotate.d/apt-security-updates | ||
+ | </nowiki></pre> | ||
+ | For KDE, use this command instead: | ||
+ | <pre><nowiki> | ||
+ | kdesudo kate /etc/logrotate.d/apt-security-updates | ||
+ | </nowiki></pre> | ||
+ | Paste this into the editor, save, and exit: | ||
+ | <pre><nowiki> | ||
+ | /var/log/apt-security-updates { | ||
+ | rotate 2 | ||
+ | weekly | ||
+ | size 250k | ||
+ | compress | ||
+ | notifempty | ||
+ | } | ||
+ | </nowiki></pre> | ||
+ | This will rotate the log file every week (`weekly`), or if it's over 250kB in size (`size 250k`), compressing old versions (`compress`). The previous two log files will be kept (`rotate 2`), and no rotation will occur if the file is empty (`notifempty`). | ||
+ | ==== Using cron-apt to handle automatic updating ==== | ||
+ | Updating can be also done automatically by using package called [http://packages.ubuntu.com/intrepid/cron-apt cron-apt]. Please read man page before doing anything. | ||
+ | ---- | ||
+ | [[category:CategorySecurity]] | ||
− | + | [[category:UbuntuHelp]] | |
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + | ||
− | + |
2009年9月14日 (一) 00:18的版本
点击翻译: |
English • 中文 |
- title 自动进行安全更新
目录
简介
这是一个简单的指导,它教你创建一个脚本或cron任务而获得本地或外部的安全更新,并安装,他会自动在后台执行。在运行一个没有超级版本时总会有安全隐患,但如果你认为这些对你无关,那么你能按照以下的指导。
使用 apt.conf.d
当你在使用 GNOME ,在“系统”菜单,“系统管理”,“软件源”中,打开“更新”选项卡并选择“自动更新”,也把“安装安全更新时不需确认”。
你也可以通过命令行来配置 unattended-upgrades
包,简单的改变你的/etc/apt/apt.conf.d/10periodic :
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "0"; APT::Periodic::Unattended-Upgrade "1";
和 /etc/apt/apt.conf.d/50unattended-upgrades:
// Automatically upgrade packages from these (origin, archive) pairs Unattended-Upgrade::Allowed-Origins { "Ubuntu intrepid-security"; };
Note: 使用这个方法需要你每次更新系统到新版本时都要修改 /etc/apt/apt.conf.d/10periodic 和 /etc/apt/apt.conf.d/50unattended-upgrades 。务必确认用当前系统的代号去替换 intrepid !
使用 cron
操作指南
首先,按 Alt+F2 并创建一个新文件:
gksudo gedit /etc/cron.weekly/apt-security-updates
如果你是用 KDE, 用下面的命令代替:
kdesudo kate /etc/cron.weekly/apt-security-updates
复制以下文本到这个新文件,保存并退出:
#! /bin/sh echo "**************" >> /var/log/apt-security-updates date >> /var/log/apt-security-updates aptitude update >> /var/log/apt-security-updates aptitude safe-upgrade -o Aptitude::Delete-Unused=false --assume-yes --target-release `lsb_release -cs`-security >> /var/log/apt-security-updates echo "Security updates (if any) installed"
最近(从 Ubuntu 7.10 以来),不推荐使用 aptitude 的 'upgrade' 操作。有两中方法去升级,其中安全的一种(传统的,如果有一个更新需要添加或删除依赖,它将不更新)和另一种全部更新(它将总是升级,甚至添加它或删除它会影响到其他包的,之前称为'dist-upgrade' )。这些操作现在是'safe-upgrade' 或 'full-upgrade'。详细请查看 aptitude (man aptitude
) 的帮助。
当你完成前面的步骤,你还要让这个文件有执行权限。在终端输入下面一行:
sudo chmod +x /etc/cron.weekly/apt-security-updates
Post-Install Setup and Execution Information
This script will run once weekly and it installs all available packages from the security repository. It also generates a log in ~-/var/log/apt-security-updates-~ for later inspection in case something goes wrong. This script will output information to a log file, so to prevent this log file from getting too large we need to make sure it gets rotated out. To do this, we'll use the ~-logrotate-~ utility, which comes with Ubuntu. Press Alt+F2 and type this command:
gksudo gedit /etc/logrotate.d/apt-security-updates
For KDE, use this command instead:
kdesudo kate /etc/logrotate.d/apt-security-updates
Paste this into the editor, save, and exit:
/var/log/apt-security-updates { rotate 2 weekly size 250k compress notifempty }
This will rotate the log file every week (`weekly`), or if it's over 250kB in size (`size 250k`), compressing old versions (`compress`). The previous two log files will be kept (`rotate 2`), and no rotation will occur if the file is empty (`notifempty`).
Using cron-apt to handle automatic updating
Updating can be also done automatically by using package called cron-apt. Please read man page before doing anything.