Cybersecurity Triage
Read-onlyBuild a Recent Apt Patch Timeline
You need to prove what package changes happened recently and which command triggered them.
Command
awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.logBefore you run this
System impact: Read-only. Low when scoped to the shown target.
When not to use it: Do not assume rotated logs are included; inspect compressed history files if you need older activity.
Expected output
Start dates, command lines, upgrade rows, and end dates from apt history.
System impact
Read-only. Nothing changes. awk filters apt history to the fields useful for patch timelines.
May require elevated permissions on protected paths or service-owned files.
Recovery / rollback: no state is changed.
When to use it
Use during incident response, audit follow-up, or post-maintenance validation.
When not to use it
Do not assume rotated logs are included; inspect compressed history files if you need older activity.
Watch this command run
Command transcript
This sanitized transcript shows the commands and output shape without exposing host details.
$ cat /var/log/apt/history.log
Start-Date: 2026-06-25 02:10:01
Commandline: /usr/bin/unattended-upgrade
Upgrade: openssl:amd64 (3.0.13-0ubuntu3.5, 3.0.13-0ubuntu3.6), curl:amd64 (8.5.0-2ubuntu10.6, 8.5.0-2ubuntu10.7)
End-Date: 2026-06-25 02:10:18
Start-Date: 2026-06-24 21:30:44
Commandline: apt-get -y install nginx
Install: nginx:amd64 (1.24.0-2ubuntu7.3)
End-Date: 2026-06-24 21:30:59
Start-Date: 2026-06-23 03:12:04
Commandline: apt-get upgrade
Upgrade: libc6:amd64 (2.39-0ubuntu8.3, 2.39-0ubuntu8.4), linux-image-generic:amd64 (6.8.0-60.63, 6.8.0-63.66)
End-Date: 2026-06-23 03:14:39$ awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Start-Date: 2026-06-25 02:10:01
Commandline: /usr/bin/unattended-upgrade
Upgrade: openssl:amd64 (3.0.13-0ubuntu3.5, 3.0.13-0ubuntu3.6), curl:amd64 (8.5.0-2ubuntu10.6, 8.5.0-2ubuntu10.7)
End-Date: 2026-06-25 02:10:18
Start-Date: 2026-06-24 21:30:44
Commandline: apt-get -y install nginx
End-Date: 2026-06-24 21:30:59
Start-Date: 2026-06-23 03:12:04
Commandline: apt-get upgrade
Upgrade: libc6:amd64 (2.39-0ubuntu8.3, 2.39-0ubuntu8.4), linux-image-generic:amd64 (6.8.0-60.63, 6.8.0-63.66)
End-Date: 2026-06-23 03:14:39View commands shown
These are the commands shown in the sanitized transcript.
Commands shown
cat /var/log/apt/history.logawk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
next steps
Related commands
Find Warnings in Apt Terminal Logs
The package installed, but the terminal log may still contain the warning that matters.
grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log
Simulate Security Package Upgrades
Security patch triage starts by seeing what apt would change, without changing it.
apt-get -s upgrade | awk '/^Inst/ && /security/ {print}'
Spot Request Bursts by Minute
Traffic spikes are easier to read when you bucket them by time.
awk '{minute=substr($4,2,17); count[minute]++} END {for (m in count) print count[m], m}' ./fixtures/nginx/access.log | sort -nr | head
Preview Security Impact of dist-upgrade
Kernel and dependency security fixes may only appear in the broader upgrade plan.
apt-get -s dist-upgrade | awk '/^Inst/ {print}'
Find the IPs Creating the Most 4xx Noise
One address can turn a normal access log into a wall of failed requests.
awk '$9 ~ /^4/ {count[$1]++} END {for (ip in count) print count[ip], ip}' ./fixtures/nginx/access.log | sort -nr | head
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.