How to Automate Patching on an EC2 Server with Shell Scripts: A Step-by-Step Guide
Automating with Shell Scripts

I am a Cloud Engineer with 3+ years of experience
Certifications: AWS Certified Solutions Architect Associate, AZ-900
For technical collaborations, you can drop a mail to sreedevi.devopscloud@gmail.com
Hello Geeks,
Welcome to the Linux Series. In this series we discuss Linux and shell scripting with hands-on demos.
In this article we are going to learn about patching EC2 Linux instances and automating it with a shell script. Linux is an open-source operating system, and most of the applications we use are hosted on Linux.
Wondering what patching is and why we need to apply patches to our EC2 instances? Patching is the process of updating the operating system, software and applications hosted on the EC2 instances to fix security vulnerabilities, fix bugs and add feature enhancements.
Patch types:
Kernel patches - fix security vulnerabilities in the kernel
Bug fixes - fix software defects and improve system stability
Enhancement updates - add features and improve performance
On Linux we use a package manager to install, update and remove software packages.
Package manager examples: apt, yum, dnf
Let's start the demo.
Use case: create a shell script that does the following
Checks for available patches, filters the security and bugfix patches, and writes their advisory IDs to the file before-patch-list-file.txt
Reads that file and applies each patch by its advisory ID; after each patch is applied, it stores that advisory ID in after-patch-list-file.txt
Checks whether a reboot is needed (with needs-restarting) and, if so, reboots the server
Let's connect to the EC2 Linux instance and check for available updates on the server (the demo uses a dnf-based distribution such as Amazon Linux 2023 or RHEL 9):
dnf updateinfo list available

- Create the two list files with the touch command (the script's redirections would create them too, but this makes the step explicit)
touch before-patch-list-file.txt after-patch-list-file.txt

- Install dnf-utils, which provides the needs-restarting command the script uses to decide whether a reboot is needed
sudo dnf install -y dnf-utils

- Create the shell script file patchscript.sh and open it in an editor such as vi
touch patchscript.sh
vi patchscript.sh
#!/bin/bash
# dnf update and reboot both need root, so refuse to run otherwise
if [ "$(id -u)" -ne 0 ]; then
  echo "run as root: sudo bash patchscript.sh" >&2
  exit 1
fi
# List all available security and bugfix advisories and write their unique advisory IDs to before-patch-list-file.txt
# The type column ($2) is "<Severity>/Sec." for security advisories or "bugfix", so match on that column rather than anywhere in the line
dnf updateinfo list available | awk '$2 ~ /\/Sec\./ || $2 == "bugfix" {print $1}' | sort -u > before-patch-list-file.txt
# Read before-patch-list-file.txt, apply each advisory and record the applied advisory ID in after-patch-list-file.txt
# dnf reads from /dev/null so it cannot consume the rest of the list that the loop is reading from stdin
while read -r patch; do
  if dnf update --advisory="$patch" -y < /dev/null; then
    echo "$patch" >> after-patch-list-file.txt
  else
    echo "failed to apply $patch" >&2
  fi
done < before-patch-list-file.txt
# Check whether a reboot is needed: needs-restarting -r exits 1 when a reboot is required and 0 when it is not
if ! needs-restarting -r; then
  echo "reboot required....rebooting the server"
  reboot
else
  echo "reboot is not required"
fi
Save the file by pressing Esc, then typing :wq and pressing Enter.
Run the script as root, since dnf update and reboot require root privileges:
sudo bash patchscript.sh
It applied all the patches and rebooted the system because a reboot was required, as you can see here from the last boot time.

Since all available patches have now been applied and no updates remain, let's run the shell script again and see what result we get
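Before rolling a script like this out to more servers, it is worth checking the filter step against sample output rather than only against a live box. The example below is one I have added and is not part of the original article: it runs the same kind of advisory filter over a constructed sample of dnf updateinfo list available output (the advisory IDs and package names are made up), matching on the type column rather than anywhere in the line so that a package name containing "Sec" is not mistaken for a security advisory, deduplicating advisory IDs (dnf prints one line per package, so an advisory covering several packages appears several times), and exposing the reboot decision as a function of the needs-restarting -r exit status so it can be tested without dnf-utils installed.

```shell
#!/bin/bash
# Added example: exercises the advisory filter and the reboot decision offline.
# The sample text below is constructed to look like `dnf updateinfo list available`
# output (advisory ID, type, package); the IDs and package names are made up.
SAMPLE_UPDATEINFO='ALAS2023-2024-0001 Important/Sec. openssl-libs-3.0.8-1.amzn2023.x86_64
ALAS2023-2024-0001 Important/Sec. openssl-3.0.8-1.amzn2023.x86_64
ALAS2023-2024-0002 bugfix         curl-8.5.0-1.amzn2023.x86_64
ALAS2023-2024-0003 enhancement    vim-minimal-9.0.2153-1.amzn2023.x86_64
ALAS2023-2024-0004 Moderate/Sec.  libxml2-2.10.4-1.amzn2023.x86_64
ALAS2023-2024-0005 enhancement    SecureAgent-1.0-1.amzn2023.x86_64'

# Print the unique advisory IDs whose type column is a security advisory
# ("<Severity>/Sec.") or a bugfix. Matching field 2 instead of the whole line
# means the constructed package "SecureAgent" (an enhancement) is not picked up,
# and sort -u collapses the duplicate lines dnf prints when one advisory covers
# several packages (ALAS2023-2024-0001 above).
filter_advisories() {
    awk '$2 ~ /\/Sec\.$/ || $2 == "bugfix" { print $1 }' | sort -u
}

# Dry run: the comma-separated list of advisories the patch loop would apply.
planned_advisories() {
    printf '%s\n' "$SAMPLE_UPDATEINFO" | filter_advisories | paste -sd, -
}

# `needs-restarting -r` exits 1 when a reboot is required and 0 when it is not.
# The exit status is passed in as an argument so the decision can be tested
# here; on a real host you would run: needs-restarting -r; reboot_required $?
reboot_required() {
    [ "$1" -eq 1 ]
}

# On a real host the live equivalent of planned_advisories is:
#   dnf updateinfo list available | filter_advisories
echo "advisories that would be applied: $(planned_advisories)"
```

Running the dry run first and keeping its output alongside before-patch-list-file.txt gives you a record of what the script intended to apply, which is useful when an advisory fails or a reboot turns out to be needed on a host you expected to stay up.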

Thanks for reading….. Feedback is appreciated!

