3

I am running debian on a couple of servers that I control and would like to upgrade them remotely. I do not have access to the keyboard directly, as they are VPS machines in a different location.

I have ran the following commands remotely:

apt-get update
apt-get upgrade
apt-get dist-upgrade

...how do I remotely upgrade the kernel on my debian system? Is there anything more to it?

chovy
  • 340
  • 1
  • 5
  • 16
  • 4
    Same, just run reboot at the end. It will boot to the new kernel. Check with GRUP or LILO that it points to the new kernel by default. – Andrew Smith Jul 13 '12 at 17:59

3 Answers3

6

What you are doing is correct. You have to reboot for a new kernel to be used.

LVLAaron
  • 436
  • 6
  • 13
  • 1
    Thank you, I wasn't sure, because I thought there was another step when I did this a year ago. – chovy Nov 13 '12 at 05:25
2

you can verify that you have the 2.6.32-5 kernel with uname -r which is the latest for debian stable. The question is: "Do you need a newer kernel? or do you just want to make sure your kernel is up to date"? If you need a newer kernel because there is some feature or hardware support that you are missing, you can enable the backports repository and get the 3.2 kernel from there. There are instructions for backports here. After enabling the backports repository, you can run apt-get -t squeeze-backports install linux-image-$arch where $arch is the string you get from uname -r which is probably one of {486,686,amd64}.

If you just want to verify that your kernel is currently, you can check the current version of the kernel package you have installed with apt-cache policy linux-image-$(uname -r) and look at the Installed: and Candidate: lines. They should be the same. You can also compare this version for the current listed version for "stable-sec" (meaning stable security) in the package tracking system.

When comparing kernel versions, you should not confuse the current kernel ABI version 2.6.32-5 with the current version of the linux-2.6 pacakge, which looks similar. At this time the current version of the 2.6.32-5 kernel is 2.6.32-45.

Update:

as @bahamat correctly points out, you can't get a complete picture from uname -r, however /proc/version contains more complete information. if you look at the output of cat /proc/version you should see something like:

Linux version 2.6.32-5-686 (Debian 2.6.32-45) (dannf@debian.org) (gcc version 4.3.5 (Debian 4.3.5-4) ) #1 SMP Sun May 6 04:01:19 UTC 2012

This tells us that the currently running kernel comes from the 2.6.32-45 version of the linux-image-2.6.32-5-686 package. If this package version here differs from the version of the linux-image-2.6.32-5-686 coming from the Installed: line from apt-cache policy, then it might be that you just need to reboot into the newer kernel.

If they still differ after a reboot, then you probably need to reconfigure your bootloader.

stew
  • 9,388
  • 1
  • 30
  • 43
  • Debian kernels are sub-versioned that's not available through `uname`. The best tool for this is `dpkg`/`apt`. If there's a newer kernel in the **stable** release then it's a security fix. The better question then is "is there any reason to *not* upgrade the kernel?". – bahamat Jul 13 '12 at 18:49
  • @bahamat sure, one should always upgrade from one stable kernel to another. If he wants to upgrade to something newer than 2.6.32-5, like the backports kernel, then I ask why? (so its not just SNS) – stew Jul 13 '12 at 18:57
  • Yes, I wasn't commenting on that part. I guess it should have been two comments. 1) `dpkg`>`uname`; and 2) If you're not doing a feature upgrade then default to yes. – bahamat Jul 13 '12 at 19:02
  • right, updated my answer with /proc/version – stew Jul 13 '12 at 19:06
  • Even still, I'd suggest using the package management system—checking package versions is kind of what it's for. – bahamat Jul 13 '12 at 19:25
  • right, I think they are both useful. one is "which kernel is installed" and the other is "which kernel am I running". – stew Jul 13 '12 at 19:27
  • Ah, I see where you were going with that. Yes, that's a valid point. – bahamat Jul 13 '12 at 19:45
0

If you are updating just for security, you're doing it right (Don't forget to reboot your server or VM). Remember: put the sshd service in the rcX, so you can access in every reboot to your server (almost if the things runs ok haha)

PS: the last command is apt-get dist-upgrade (with the hyphen between dist and upgrade)

Masterl1nk
  • 157
  • 2
  • 13