Cybersecurity Triage
Risk: safe
Build a Recent Apt Patch Timeline
You need to prove what package changes happened recently and which command triggered them.
Command
awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Before you run this
Risk: safe. Do not assume rotated logs are included; inspect compressed history files if you need older activity.
Expected output
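Start dates, command lines, upgrade rows, and end dates from apt history. Install rows are not matched by this filter, as the nginx transaction in the example output below shows.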
System impact
Nothing changes. awk filters apt history to the fields useful for patch timelines.
Recovery / rollback: no state is changed.
When to use it
Use during incident response, audit follow-up, or post-maintenance validation.
When not to use it
Do not assume rotated logs are included; inspect compressed history files if you need older activity.
Example output from a temporary Linux lab
This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.
$ cat /var/log/apt/history.log
Start-Date: 2026-06-25 02:10:01
Commandline: /usr/bin/unattended-upgrade
Upgrade: openssl:amd64 (3.0.13-0ubuntu3.5, 3.0.13-0ubuntu3.6), curl:amd64 (8.5.0-2ubuntu10.6, 8.5.0-2ubuntu10.7)
End-Date: 2026-06-25 02:10:18
Start-Date: 2026-06-24 21:30:44
Commandline: apt-get -y install nginx
Install: nginx:amd64 (1.24.0-2ubuntu7.3)
End-Date: 2026-06-24 21:30:59
Start-Date: 2026-06-23 03:12:04
Commandline: apt-get upgrade
Upgrade: libc6:amd64 (2.39-0ubuntu8.3, 2.39-0ubuntu8.4), linux-image-generic:amd64 (6.8.0-60.63, 6.8.0-63.66)
End-Date: 2026-06-23 03:14:39
$ awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Start-Date: 2026-06-25 02:10:01
Commandline: /usr/bin/unattended-upgrade
Upgrade: openssl:amd64 (3.0.13-0ubuntu3.5, 3.0.13-0ubuntu3.6), curl:amd64 (8.5.0-2ubuntu10.6, 8.5.0-2ubuntu10.7)
End-Date: 2026-06-25 02:10:18
Start-Date: 2026-06-24 21:30:44
Commandline: apt-get -y install nginx
End-Date: 2026-06-24 21:30:59
Start-Date: 2026-06-23 03:12:04
Commandline: apt-get upgrade
Upgrade: libc6:amd64 (2.39-0ubuntu8.3, 2.39-0ubuntu8.4), linux-image-generic:amd64 (6.8.0-60.63, 6.8.0-63.66)
End-Date: 2026-06-23 03:14:39
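An added example, not part of the original page: a shell function that follows the caveat about rotated logs by also reading compressed history files, and that keeps Install, Remove and Purge rows, which the filter above drops (the nginx install has no package row in its output). The names `apt_timeline` and `make_fixture` are assumptions, and the sample logs are constructed from the transcript's values.

```shell
# apt_timeline DIR: one line per apt transaction, oldest first, read from history.log
# and its rotated copies. Output: start|end|commandline|Action=pkg,pkg ...
apt_timeline() {
    dir=${1:-/var/log/apt}
    for f in "$dir"/history.log*; do
        [ -f "$f" ] || continue
        case $f in
            *.gz) gzip -dc "$f" ;;   # rotated and compressed
            *)    cat "$f" ;;        # live log or uncompressed rotation
        esac
    done | awk '
        function val(s) { sub(/^[^:]+: */, "", s); return s }
        /^Start-Date:/  { start = val($0); cmd = ""; acts = "" }
        /^Commandline:/ { cmd = val($0) }
        /^(Install|Upgrade|Downgrade|Reinstall|Remove|Purge):/ {
            action = $0; sub(/:.*/, "", action)
            n = split(val($0), pkg, /\), /); names = ""
            for (i = 1; i <= n; i++) {
                sub(/[: ].*/, "", pkg[i])          # keep the bare package name
                names = names (i > 1 ? "," : "") pkg[i]
            }
            acts = acts (acts == "" ? "" : " ") action "=" names
        }
        /^End-Date:/ { print start "|" val($0) "|" cmd "|" acts }
    ' | sort
}
# make_fixture DIR: constructed sample logs; the oldest entry goes in a compressed rotation.
make_fixture() {
    cat > "$1/history.log" <<'EOF'
Start-Date: 2026-06-25 02:10:01
Commandline: /usr/bin/unattended-upgrade
Upgrade: openssl:amd64 (3.0.13-0ubuntu3.5, 3.0.13-0ubuntu3.6), curl:amd64 (8.5.0-2ubuntu10.6, 8.5.0-2ubuntu10.7)
End-Date: 2026-06-25 02:10:18

Start-Date: 2026-06-24 21:30:44
Commandline: apt-get -y install nginx
Install: nginx:amd64 (1.24.0-2ubuntu7.3)
End-Date: 2026-06-24 21:30:59
EOF
    gzip -c > "$1/history.log.1.gz" <<'EOF'
Start-Date: 2026-06-23 03:12:04
Commandline: apt-get upgrade
Upgrade: libc6:amd64 (2.39-0ubuntu8.3, 2.39-0ubuntu8.4), linux-image-generic:amd64 (6.8.0-60.63, 6.8.0-63.66)
End-Date: 2026-06-23 03:14:39
EOF
}
lab=$(mktemp -d) && make_fixture "$lab" && apt_timeline "$lab"; rm -rf "$lab"
```

Run against a real host with `apt_timeline /var/log/apt`; the function only reads the log files.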
This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.
Lab setup steps
cat /var/log/apt/history.log
awk '/^(Start-Date|Commandline|Upgrade|End-Date)/ {print}' /var/log/apt/history.log
Related commands
Find Warnings in Apt Terminal Logs
The package installed, but the terminal log may still contain the warning that matters.
grep -Ei 'warning|error|failed|dpkg' /var/log/apt/term.log
Simulate Security Package Upgrades
Security patch triage starts by seeing what apt would change, without changing it.
apt-get -s upgrade | awk '/^Inst/ && /security/ {print}'
Spot Request Bursts by Minute
Traffic spikes are easier to read when you bucket them by time.
awk '{minute=substr($4,2,17); count[minute]++} END {for (m in count) print count[m], m}' ./fixtures/nginx/access.log | sort -nr | head
Preview Security Impact of dist-upgrade
Kernel and dependency security fixes may only appear in the broader upgrade plan.
apt-get -s dist-upgrade | awk '/^Inst/ {print}'
Find the IPs Creating the Most 4xx Noise
One address can turn a normal access log into a wall of failed requests.
awk '$9 ~ /^4/ {count[$1]++} END {for (ip in count) print count[ip], ip}' ./fixtures/nginx/access.log | sort -nr | head
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.