Skip to main content
Table of contents
This page describes what to do in case of an Icinga alert. For more information you could search the govuk-puppet repo for the source of the alert

Outstanding security updates

Machines are configured to automatically install security updates on a daily basis.

  • This is triggered by the /etc/cron.daily/apt script.
  • Relevant config can be found in /etc/apt/apt.conf.d.

This alert indicates automatic updates have stopped working. While this is not normally a critical issue, it becomes so if we start missing out on security patches. Some commands to start debugging with:

# check the output of the last automatic upgrade
less /var/log/unattended-upgrades/unattended-upgrades.log

# try running the upgrade manually
sudo unattended-upgrade -d --dry-run

If the unattended upgrades log looks okay, check which security updates are outstanding:

apt-get upgrade -s | grep -i security

You may find that the upgrades are on a deny list in govuk-puppet (for example, mysql-server-5.5 which needs upgrading manually).

This page was last reviewed on 27 July 2020. It needs to be reviewed again on 27 January 2021 by the page owner #govuk-2ndline .
This page was set to be reviewed before 27 January 2021 by the page owner #govuk-2ndline. This might mean the content is out of date.