$ Linux One Liners
Back to commands

Cybersecurity Triage

Dry run / preview

Simulate Security Package Upgrades

You need to identify pending security updates on a Debian or Ubuntu host before a maintenance window.

Command

apt-get -s upgrade | awk '/^Inst/ && /security/ {print}'

Before you run this

System impact: Preview only. Still verify source and destination paths before running the real command.

When not to use it: Do not treat simulation output as a completed patch; it only describes what apt would try to do.

Expected output

Inst rows for packages whose candidate version comes from a security repository.

System impact

Dry run / preview. Nothing changes. apt-get runs in simulation mode and awk prints only install lines from security pockets.

Recovery / rollback: no state is changed.

When to use it

Use before patch windows, incident response, or compliance notes when you need a read-only security update list.

When not to use it

Do not treat simulation output as a completed patch; it only describes what apt would try to do.

Watch this command run

Command transcript

This sanitized transcript shows the commands and output shape without exposing host details.

demo@lab:~$

$ apt-get -s upgrade

Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
The following packages have been kept back:
  app-agent linux-image-generic
The following packages will be upgraded:
  curl nginx openssl
3 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Inst curl [8.5.0-2ubuntu10.6] (8.5.0-2ubuntu10.7 Ubuntu:24.04/noble-updates [amd64])
Inst nginx [1.24.0-2ubuntu7.3] (1.24.0-2ubuntu7.4 Ubuntu:24.04/noble-updates [amd64])
Inst openssl [3.0.13-0ubuntu3.5] (3.0.13-0ubuntu3.6 Ubuntu:24.04/noble-security [amd64])
Conf curl (8.5.0-2ubuntu10.7 Ubuntu:24.04/noble-updates [amd64])
Conf nginx (1.24.0-2ubuntu7.4 Ubuntu:24.04/noble-updates [amd64])
Conf openssl (3.0.13-0ubuntu3.6 Ubuntu:24.04/noble-security [amd64])

$ apt-get -s upgrade | awk '/^Inst/ && /security/ {print}'

Inst openssl [3.0.13-0ubuntu3.5] (3.0.13-0ubuntu3.6 Ubuntu:24.04/noble-security [amd64])
View commands shown

These are the commands shown in the sanitized transcript.

Commands shown

  1. apt-get -s upgrade
  2. apt-get -s upgrade | awk '/^Inst/ && /security/ {print}'

next steps

Related commands

Cybersecurity Triage Dry run

Preview Security Impact of dist-upgrade

Kernel and dependency security fixes may only appear in the broader upgrade plan.

apt-get -s dist-upgrade | awk '/^Inst/ {print}'
Cybersecurity Triage Read-only

Build a Recent Apt Patch Timeline

Apt history turns patch claims into timestamps and package names.

awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Cybersecurity Triage Read-only

Find Password-Enabled Accounts

A shell account with an unlocked password hash deserves extra attention.

awk -F: '$2 !~ /^(!|\*)/ {print $1}' fixtures/user-access-audit/etc/shadow
Cybersecurity Triage Sensitive output

Find SSH Key Users with sudo

The highest-priority access review starts where SSH keys and sudo overlap.

comm -12 <(find fixtures/user-access-audit/home -path '*/.ssh/authorized_keys' -printf '%h\n' | awk -F/ '{print $(NF-1)}' | sort) <(awk -F: '$1=="sudo" {gsub(",","\n",$4); print $4}' fixtures/user-access-audit/etc/group | sort)
Study mapping

Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.

  • lpic1:102-package-management
  • lpic1:103-gnu-unix-commands
  • lpic1:110-security
  • lfcs:essential-commands
  • lfcs:operations-deployment
  • lfcs:security-hygiene
  • linuxplus:automation-scripting
  • linuxplus:provisional
  • linuxplus:system-management
  • risk:read-only

Useful for

  • LPIC-1 style command-line practice
  • LFCS style performance tasks
  • Linux+ style troubleshooting review

Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.