sebelk's questions

Eu tenho um motd "mensagem do dia" quando faço login que parece vir do arquivo /var/lib/update-notifier/updates-available:

root@ls:~# cat /var/lib/update-notifier/updates-available

95 updates can be applied immediately.
1 of these updates is a standard security update.
To see these additional updates run: apt list --upgradable

No entanto, quando executo atualizações autônomas, ele diz que não há atualizações de segurança disponíveis:

root@ls:~# unattended-upgrades --dry-run -v
Initial blacklisted packages: 
Initial whitelisted packages: 
Starting unattended upgrades script
Allowed origins are: o=Ubuntu,a=bionic, o=Ubuntu,a=bionic-security, o=UbuntuESM,a=bionic
No packages found that can be upgraded unattended and no pending auto-removals

Apenas no caso, este meu arquivo sources.list:

deb http://archive.ubuntu.com/ubuntu bionic main restricted
deb http://archive.ubuntu.com/ubuntu bionic-updates main restricted
deb http://archive.ubuntu.com/ubuntu bionic universe
deb http://archive.ubuntu.com/ubuntu bionic-updates universe
deb http://archive.ubuntu.com/ubuntu bionic multiverse
deb http://archive.ubuntu.com/ubuntu bionic-updates multiverse
deb http://archive.ubuntu.com/ubuntu bionic-backports main restricted universe multiverse
deb http://archive.ubuntu.com/ubuntu bionic-security main restricted
deb http://archive.ubuntu.com/ubuntu bionic-security universe
deb http://archive.ubuntu.com/ubuntu bionic-security multiverse

EDIT 1 : Saída da lista apt atualizável

Listing... Done
apt/bionic-updates 1.6.14 amd64 [upgradable from: 1.6.12ubuntu0.2]
apt-utils/bionic-updates 1.6.14 amd64 [upgradable from: 1.6.12ubuntu0.2]
base-files/bionic-updates 10.1ubuntu2.11 amd64 [upgradable from: 10.1ubuntu2.8]
bcache-tools/bionic-updates 1.0.8-2ubuntu0.18.04.1 amd64 [upgradable from: 1.0.8-2build1]
cloud-init/bionic-updates 21.4-0ubuntu1~18.04.1 all [upgradable from: 19.4-33-gbb4131a2-0ubuntu1~18.04.1]
cryptsetup/bionic-updates 2:2.0.2-1ubuntu1.2 amd64 [upgradable from: 2:2.0.2-1ubuntu1.1]
cryptsetup-bin/bionic-updates 2:2.0.2-1ubuntu1.2 amd64 [upgradable from: 2:2.0.2-1ubuntu1.1]
dirmngr/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
dmeventd/bionic-updates 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [upgradable from: 2:1.02.145-4.1ubuntu3.18.04.2]
dmsetup/bionic-updates 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [upgradable from: 2:1.02.145-4.1ubuntu3.18.04.2]
dnsmasq-base/bionic-updates 2.79-1ubuntu0.5 amd64 [upgradable from: 2.79-1ubuntu0.4]
friendly-recovery/bionic-updates 0.2.38ubuntu1.2 all [upgradable from: 0.2.38ubuntu1.1]
gnupg/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gnupg-l10n/bionic-updates 2.2.4-1ubuntu1.4 all [upgradable from: 2.2.4-1ubuntu1.3]
gnupg-utils/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gpg/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gpg-agent/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gpg-wks-client/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gpg-wks-server/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gpgconf/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gpgsm/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gpgv/bionic-updates 2.2.4-1ubuntu1.4 amd64 [upgradable from: 2.2.4-1ubuntu1.3]
gzip/bionic-updates 1.6-5ubuntu1.1 amd64 [upgradable from: 1.6-5ubuntu1]
initramfs-tools/bionic-updates 0.130ubuntu3.13 all [upgradable from: 0.130ubuntu3.9]
initramfs-tools-bin/bionic-updates 0.130ubuntu3.13 amd64 [upgradable from: 0.130ubuntu3.9]
initramfs-tools-core/bionic-updates 0.130ubuntu3.13 all [upgradable from: 0.130ubuntu3.9]
iproute2/bionic-updates 4.15.0-2ubuntu1.3 amd64 [upgradable from: 4.15.0-2ubuntu1.1]
kmod/bionic-updates 24-1ubuntu3.5 amd64 [upgradable from: 24-1ubuntu3.2]
landscape-common/bionic-updates 18.01-0ubuntu3.5 amd64 [upgradable from: 18.01-0ubuntu3.4]
libapt-inst2.0/bionic-updates 1.6.14 amd64 [upgradable from: 1.6.12ubuntu0.2]
libapt-pkg5.0/bionic-updates 1.6.14 amd64 [upgradable from: 1.6.12ubuntu0.2]
libaudit-common/bionic-updates 1:2.8.2-1ubuntu1.1 all [upgradable from: 1:2.8.2-1ubuntu1]
libaudit1/bionic-updates 1:2.8.2-1ubuntu1.1 amd64 [upgradable from: 1:2.8.2-1ubuntu1]
libc-bin/bionic-updates 2.27-3ubuntu1.4 amd64 [upgradable from: 2.27-3ubuntu1.2]
libc6/bionic-updates 2.27-3ubuntu1.4 amd64 [upgradable from: 2.27-3ubuntu1.2]
libcryptsetup12/bionic-updates 2:2.0.2-1ubuntu1.2 amd64 [upgradable from: 2:2.0.2-1ubuntu1.1]
libdevmapper-event1.02.1/bionic-updates 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [upgradable from: 2:1.02.145-4.1ubuntu3.18.04.2]
libdevmapper1.02.1/bionic-updates 2:1.02.145-4.1ubuntu3.18.04.3 amd64 [upgradable from: 2:1.02.145-4.1ubuntu3.18.04.2]
libdrm-common/bionic-updates 2.4.101-2~18.04.1 all [upgradable from: 2.4.99-1ubuntu1~18.04.2]
libdrm2/bionic-updates 2.4.101-2~18.04.1 amd64 [upgradable from: 2.4.99-1ubuntu1~18.04.2]
libgnutls30/bionic-updates 3.5.18-1ubuntu1.5 amd64 [upgradable from: 3.5.18-1ubuntu1.3]
libkmod2/bionic-updates 24-1ubuntu3.5 amd64 [upgradable from: 24-1ubuntu3.2]
liblvm2app2.2/bionic-updates 2.02.176-4.1ubuntu3.18.04.3 amd64 [upgradable from: 2.02.176-4.1ubuntu3.18.04.2]
liblvm2cmd2.02/bionic-updates 2.02.176-4.1ubuntu3.18.04.3 amd64 [upgradable from: 2.02.176-4.1ubuntu3.18.04.2]
libnss-systemd/bionic-updates 237-3ubuntu10.53 amd64 [upgradable from: 237-3ubuntu10.50]
libpam-modules/bionic-updates 1.1.8-3.6ubuntu2.18.04.3 amd64 [upgradable from: 1.1.8-3.6ubuntu2.18.04.1]
libpam-modules-bin/bionic-updates 1.1.8-3.6ubuntu2.18.04.3 amd64 [upgradable from: 1.1.8-3.6ubuntu2.18.04.1]
libpam-runtime/bionic-updates 1.1.8-3.6ubuntu2.18.04.3 all [upgradable from: 1.1.8-3.6ubuntu2.18.04.1]
libpam-systemd/bionic-updates 237-3ubuntu10.53 amd64 [upgradable from: 237-3ubuntu10.50]
libpam0g/bionic-updates 1.1.8-3.6ubuntu2.18.04.3 amd64 [upgradable from: 1.1.8-3.6ubuntu2.18.04.1]
libpcap0.8/bionic-updates 1.8.1-6ubuntu1.18.04.2 amd64 [upgradable from: 1.8.1-6ubuntu1.18.04.1]
libssl1.1/bionic-updates 1.1.1-1ubuntu2.1~18.04.14 amd64 [upgradable from: 1.1.1-1ubuntu2.1~18.04.13]
libsystemd0/bionic-updates 237-3ubuntu10.53 amd64 [upgradable from: 237-3ubuntu10.50]
libudev1/bionic-updates 237-3ubuntu10.53 amd64 [upgradable from: 237-3ubuntu10.50]
libxau6/bionic-updates 1:1.0.8-1ubuntu1 amd64 [upgradable from: 1:1.0.8-1]
linux-base/bionic-updates 4.5ubuntu1.7 all [upgradable from: 4.5ubuntu1.2]
linux-firmware/bionic-updates 1.173.20 all [upgradable from: 1.173.18]
locales/bionic-updates 2.27-3ubuntu1.4 all [upgradable from: 2.27-3ubuntu1.2]
lshw/bionic-updates 02.18-0.1ubuntu6.18.04.2 amd64 [upgradable from: 02.18-0.1ubuntu6.18.04.1]
lvm2/bionic-updates 2.02.176-4.1ubuntu3.18.04.3 amd64 [upgradable from: 2.02.176-4.1ubuntu3.18.04.2]
lxcfs/bionic-updates 3.0.3-0ubuntu1~18.04.2 amd64 [upgradable from: 3.0.3-0ubuntu1~18.04.1]
multiarch-support/bionic-updates 2.27-3ubuntu1.4 amd64 [upgradable from: 2.27-3ubuntu1.2]
netplan.io/bionic-updates 0.99-0ubuntu3~18.04.5 amd64 [upgradable from: 0.98-0ubuntu1~18.04.1]
nplan/bionic-updates 0.99-0ubuntu3~18.04.5 all [upgradable from: 0.98-0ubuntu1~18.04.1]
open-iscsi/bionic-updates 2.0.874-5ubuntu2.10 amd64 [upgradable from: 2.0.874-5ubuntu2.7]
open-vm-tools/bionic-updates 2:11.0.5-4ubuntu0.18.04.1 amd64 [upgradable from: 2:11.0.1-2ubuntu0.18.04.2]
openssl/bionic-updates 1.1.1-1ubuntu2.1~18.04.14 amd64 [upgradable from: 1.1.1-1ubuntu2.1~18.04.13]
pollinate/bionic-updates 4.33-0ubuntu1~18.04.2 all [upgradable from: 4.33-0ubuntu1~18.04.1]
python-apt-common/bionic-updates 1.6.5ubuntu0.7 all [upgradable from: 1.6.5ubuntu0.5]
python3-apt/bionic-updates 1.6.5ubuntu0.7 amd64 [upgradable from: 1.6.5ubuntu0.5]
python3-distupgrade/bionic-updates 1:18.04.45 all [upgradable from: 1:18.04.37]
python3-httplib2/bionic-updates 0.9.2+dfsg-1ubuntu0.3 all [upgradable from: 0.9.2+dfsg-1ubuntu0.2]
python3-software-properties/bionic-updates 0.96.24.32.18 all [upgradable from: 0.96.24.32.14]
python3-update-manager/bionic-updates 1:18.04.11.13 all [upgradable from: 1:18.04.11.10]
rsync/bionic-updates 3.1.2-2.1ubuntu1.2 amd64 [upgradable from: 3.1.2-2.1ubuntu1.1]
snapd/bionic-updates 2.51.1+18.04 amd64 [upgradable from: 2.48.3+18.04]
software-properties-common/bionic-updates 0.96.24.32.18 all [upgradable from: 0.96.24.32.14]
sosreport/bionic-updates 4.1-1ubuntu0.18.04.3 amd64 [upgradable from: 3.6-1ubuntu0.18.04.4]
systemd/bionic-updates 237-3ubuntu10.53 amd64 [upgradable from: 237-3ubuntu10.50]
systemd-sysv/bionic-updates 237-3ubuntu10.53 amd64 [upgradable from: 237-3ubuntu10.50]
ubuntu-advantage-tools/bionic-updates 27.5~18.04.1 all [upgradable from: 17]
ubuntu-keyring/bionic-updates 2018.09.18.1~18.04.2 all [upgradable from: 2018.09.18.1~18.04.0]
ubuntu-minimal/bionic-updates 1.417.5 amd64 [upgradable from: 1.417.4]
ubuntu-release-upgrader-core/bionic-updates 1:18.04.45 all [upgradable from: 1:18.04.37]
ubuntu-server/bionic-updates 1.417.5 amd64 [upgradable from: 1.417.4]
ubuntu-standard/bionic-updates 1.417.5 amd64 [upgradable from: 1.417.4]
udev/bionic-updates 237-3ubuntu10.53 amd64 [upgradable from: 237-3ubuntu10.50]
ufw/bionic-updates 0.36-0ubuntu0.18.04.2 all [upgradable from: 0.36-0ubuntu0.18.04.1]
unattended-upgrades/bionic-updates 1.1ubuntu1.18.04.14 all [upgradable from: 1.1ubuntu1.18.04.13]
update-manager-core/bionic-updates 1:18.04.11.13 all [upgradable from: 1:18.04.11.10]

Então, quem está dizendo a verdade, update-notifier-common ou unattended-upgrades? EDIT 2 : E eu me pergunto onde "1 dessas atualizações é uma atualização de segurança padrão". vem de onde? Como posso obter os nomes dos pacotes de tais atualizações?

Não recebo nada se executar: apt-get upgrade -s | grep ^Inst | grep -i security

Eu li na página de manual do cron:

Cron procura /var/spool/cronpor arquivos crontab que são nomeados após contas em /etc/passwd; Os crontabs encontrados são carregados na memória. O Cron também procura /etc/anacrontab e quaisquer arquivos no /etc/cron.ddiretório que tenham um formato diferente (consulte Recursos crontab(5)). Cron examina todos os crontabs armazenados e verifica cada trabalho para ver se ele precisa ser executado no minuto atual

E então diz:

/etc/crontabsistema crontab. Hoje em dia o arquivo está vazio por padrão. Originalmente, era geralmente usado para executar tarefas diárias, semanais e mensais. Por padrão, esses trabalhos agora são executados através do anacron, que lê /etc/anacrontabo arquivo de configuração. Veja anacrontab(5)para mais detalhes.

Ok, está claro para mim o que acontece se /etc/crontabestiver vazio.

Minha pergunta é: se de qualquer maneira /etc/crontabexiste, quando é lido?

Nota: A página man é do CentOS 8.

Eu gostaria de saber o significado de alguns itens na saída do comando ss. Por exemplo:

# sudo   ss -iepn '( dport = :3443 )'

Netid      State      Recv-Q      Send-Q             Local Address:Port              Peer Address:Port      
tcp        ESTAB      0           0                  192.168.43.39:45486              190.0.2.1:443       users:(("rocketchat-desk",pid=28697,fd=80)) timer:(keepalive,11sec,0) uid:1000 ino:210510085 sk:16f1 <->
         ts sack cubic wscale:7,7 rto:573 rtt:126.827/104.434 ato:40 mss:1388 pmtu:1500 rcvmss:1388 advmss:1448 cwnd:10 bytes_sent:12904 bytes_retrans:385 bytes_acked:12520 bytes_received:13322 segs_out:433 segs_in:444 data_segs_out:215 data_segs_in:253 send 875.5Kbps lastsnd:18722 lastrcv:18723 lastack:18662 pacing_rate 1.8Mbps delivery_rate 298.1Kbps delivered:216 busy:16182ms retrans:0/10 dsack_dups:10 rcv_rtt:305 rcv_space:14480 rcv_ssthresh:6
CLOSE-WAIT      1           0                [2800:810:54a:7f0::1000]:37844                                     [2800:3f0:4002:803::200a]:443                    users:(("plasma-browser-",pid=16020,fd=175)) uid:1000 ino:90761 sk:1d -->
         ts sack cubic wscale:8,7 rto:222 rtt:21.504/5.045 ato:40 mss:1348 pmtu:1500 rcvmss:1208 advmss:1428 cwnd:10 bytes_sent:1470 bytes_acked:1471 bytes_received:11214 segs_out:20 segs_in:20 data_segs_out:8 data_segs_in:13 send 5014881bps lastsnd:96094169 lastrcv:96137280 lastack:96094142 pacing_rate 10029464bps delivery_rate 1363968bps delivered:9 app_limited busy:91ms rcv_space:14280 rcv_ssthresh:64108 minrtt:17.458

Principalmente itens faltando na página man ss, eu fiz algumas suposições, por favor me corrija se eu estiver errado:

• rcvmss: Gostaria de saber se o MMS recebe
• advmss: ?
• app_limited: ?
• ocupado: ?
• retransmissão: ?
• dsack_dups: Segmentos duplicados?
• minrtt: RTT mínimo alcançado no soquete?

Ao usar o lddcomando existe uma opção, -u, para

imprimir dependências diretas não utilizadas

conforme indicado na ajuda online.

Por exemplo:

ldd  -u /bin/gcc
Unused direct dependencies:
        /lib64/libm.so.6
        /lib64/ld-linux-x86-64.so.2

O que são "dependências diretas não utilizadas"? Por que eles não são utilizados ? Por que são dependências ?

Qual é o significado de postscreen_dnsbl_reply_mappostscreen (postfix)? Eu li na documentação:

se suas consultas DNSBL tiverem um "segredo" no nome do domínio, você deve censurar essa informação das respostas SMTP postscreen(8) ( 1 )

E do manual:

Um mapeamento do nome de domínio DNSBL real, que inclui uma senha secreta, para o nome de domínio DNSBL com o qual o postscreen responderá quando rejeitar e-mail. Quando nenhum mapeamento for encontrado, o domínio DNSBL real será usado. ( 2 )

Não entendo o significado de uma senha secreta , como um nome de domínio DNS incluirá uma senha?

Você poderia me explicar?