Amazon Linux AMI update installed packages for security

Amazon Linux AMI update installed packages for security

The procedure to install updates on Amazon Linux EC2 is as follows:

1. Open the terminal app.
2. For remote server log in using the ssh command: ssh user@server-name-here.
3. Show information about update advisories, run: sudo yum updateinfo
4. Issue the command sudo yum update to refresh package database and install updates.
5. Reboot the system if kernel was updated by typing sudo reboot command.

Let us see all commands and examples in details.

Find out info about available security-related updates

It is a good idea to find out if there any updates available for the box. Hence, run the following command:
sudo yum updateinfo
Sample outputs:

Loaded plugins: priorities, update-motd, upgrade-helper
amzn-main/latest                                                                                                                                      | 2.1 kB  00:00:00     
amzn-updates/latest                                                                                                                                   | 2.5 kB  00:00:00     
Updates Information Summary: updates
    10 Security notice(s)
         1 important Security notice(s)
         1 low Security notice(s)
         8 medium Security notice(s)
updateinfo summary done

Want to see a list of the updates on screen? Try the following command along with grep command:
sudo yum check-update
sudo yum check-update | more
sudo yum check-update | grep bash
sudo yum check-update

Before you apply updates please note down Linux kernel version, run:
uname -mrs
Sample outputs:

Linux 4.14.123-86.109.amzn1.x86_64 x86_64

How to install updates via yum command line for Amazon Linux on EC2

Open up a terminal application or log in using ssh. Run the yum command to upgrade all installed packages on Amazon Linux cloud server:
sudo yum update

One can only apply security related updates to the machines, run:
sudo yum --security update

How do I update a single package?

Run the following command:
sudo yum update pkg_name
sudo yum update curl
It is also possible to install all updates except php73 and curl packages as follows:
sudo yum -x 'php73*' -x 'curl*' update
The -x option exclude packages specified given name. See “Force yum update Command To Exclude Certain Packages” for more info.

Reboot the Linux system

You must reboot system when kernel gets updated, run:
sudo reboot
Verify Linux kernel version and list updates:
uname -mrs
sudo yum updateinfo

Checking For and Updating Packages on Amazon Linux AMI

Conclusion

You learned how to install the software update for all installed packages using the CLI methods on Amazon Linux AMI based systems running on AWS cloud EC2 or Lightsail server. See Amazon page for more information.