Cybersecurity Triage
Risk: safeReview Kept-Back Packages Before Patching
A normal apt upgrade simulation reports packages kept back, and you need to capture them before choosing a broader upgrade path.
Command
apt-get -s upgrade | sed -n '/kept back:/,/^Inst/p'Before you run this
Risk: safe. Do not assume kept-back means safe to ignore; security fixes can be hidden behind dependency changes.
Expected output
The kept-back package section from apt simulation output.
System impact
Nothing changes. The command prints the kept-back section from simulated apt output.
Recovery / rollback: no state is changed.
When to use it
Use when kernel, agent, or dependency updates may need dist-upgrade, full-upgrade, or manual review.
When not to use it
Do not assume kept-back means safe to ignore; security fixes can be hidden behind dependency changes.
Watch this command run
Example output from a temporary Linux lab
This example uses disposable sample files and sanitized output so you can inspect the shape of the result before touching a real system.
$ apt-get -s upgrade
Reading package lists... Done
Building dependency tree... Done
Calculating upgrade... Done
The following packages have been kept back:
app-agent linux-image-generic
The following packages will be upgraded:
curl nginx openssl
3 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Inst curl [8.5.0-2ubuntu10.6] (8.5.0-2ubuntu10.7 Ubuntu:24.04/noble-updates [amd64])
Inst nginx [1.24.0-2ubuntu7.3] (1.24.0-2ubuntu7.4 Ubuntu:24.04/noble-updates [amd64])
Inst openssl [3.0.13-0ubuntu3.5] (3.0.13-0ubuntu3.6 Ubuntu:24.04/noble-security [amd64])
Conf curl (8.5.0-2ubuntu10.7 Ubuntu:24.04/noble-updates [amd64])
Conf nginx (1.24.0-2ubuntu7.4 Ubuntu:24.04/noble-updates [amd64])
Conf openssl (3.0.13-0ubuntu3.6 Ubuntu:24.04/noble-security [amd64])$ apt-get -s upgrade | sed -n '/kept back:/,/^Inst/p'
The following packages have been kept back:
app-agent linux-image-generic
The following packages will be upgraded:
curl nginx openssl
3 upgraded, 0 newly installed, 0 to remove and 2 not upgraded.
Inst curl [8.5.0-2ubuntu10.6] (8.5.0-2ubuntu10.7 Ubuntu:24.04/noble-updates [amd64])View reproducible demo details
This page shows the sanitized shell transcript and the setup steps needed to reproduce the example.
Lab setup steps
apt-get -s upgradeapt-get -s upgrade | sed -n '/kept back:/,/^Inst/p'
next steps
Related commands
Simulate Security Package Upgrades
Security patch triage starts by seeing what apt would change, without changing it.
apt-get -s upgrade | awk '/^Inst/ && /security/ {print}'
Preview Security Impact of dist-upgrade
Kernel and dependency security fixes may only appear in the broader upgrade plan.
apt-get -s dist-upgrade | awk '/^Inst/ {print}'
Find Held Packages Blocking Patches
A held package can quietly keep a security update out of production.
apt-mark showhold | sed 's/^/held: /'
Dry-Run Unattended Security Upgrades
Unattended upgrades can explain what they would patch before they patch it.
unattended-upgrade --dry-run --debug 2>&1 | sed -n '/Packages that will be upgraded:/,/^$/p'
Summarize sudo Commands by User
Privilege history is easier to review when users and commands are separated.
sed -n 's/.*sudo: *\([^: ]*\).*COMMAND=\(.*\)$/\1 -> \2/p' fixtures/user-access-audit/logs/auth.log | sort
Study mapping
Use this as independent command practice: read the notes, predict the output, then compare it with the example before using a real shell.
Useful for
- LPIC-1 style command-line practice
- LFCS style performance tasks
- Linux+ style troubleshooting review
Independent study support only. No affiliation, endorsement, exam dumps, or real exam questions.