Update: per sparks' comment, I should note that 'aptitude' can be used in place of 'apt-get' in my answer below, with one exception: 'apt-get upgrade' would be replaced by 'aptitude safe-upgrade'. The aptitude front-end to APT has some nice features compared to apt-get, as outlined in this blog post. However, if you've already got a system that you've been managing with apt-get, you can certainly continue using apt-get, and probably should. We don't do a lot of software installation / uninstallation on a server, so I don't find the use of aptitude to be of critical importance, but if I was to fire up a brand new server today I would probably use it.
The latest Ubuntu Server documentation still details using apt-get, and only discusses aptitude as a graphical front end to APT. While this is certainly an oversight, it certainly does imply that there's nothing wrong with using apt-get.
I use Ubuntu's unattended-upgrades package to automatically apply security updates. Here are my notes on setting it up (on an Ubuntu 8.04 LTS server):
$apt-get install unattended-upgrades update-notifier-common
Edit /etc/apt/apt.conf/50unattended-upgrades. Select only security upgrades, and set mail address
Unattended-Upgrade::Allowed-Origins {
"Ubuntu hardy-security";
// "Ubuntu hardy-updates";
};
Unattended-Upgrade::Mail "youremail@yourdomain.com";
Install mailx (required for unattended-upgrades mail to work)
$apt-get install mailx
Edit /etc/apt/apt.conf.d/10periodic :
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "1";
APT::Periodic::Unattended-Upgrade "1";
Using this configuration, security updates will be automatically applied, and the list of updates will be emailed to you. While it may be considered dangerous to automatically apply any update, I believe that keeping up with security updates is a task worthy of the risk... and franky, "keeping up" requires automation.
As far as keeping packages up to date, I asked a question to clarify the meaning of dist-upgrade that you might find applicable. Basically, when you do an apt-get upgrade, installed packages will be upgraded only if the upgrade doesn't require new packages or the removal of a package (e.g. the dependencies don't change). If an upgraded package has new dependencies, then you need to use apt-get dist-upgrade instead. Since apt-get dist-upgrade also does everything that apt-get upgrade does, I typically use it by default. It's important to keep an eye on which packages are going to be modified and take any precautions you may find necessary.
In short:
apt-get update
apt-get dist-upgrade
If I'm nervous about what dist-upgrade wants to do, I'll do:
apt-get update
apt-get upgrade
To at least upgrade packages that don't have new dependencies until I do a little research. There's always a chance that something will break no matter what you do, however, so you just gotta have some faith :)
As a final note, as long as you're applying security updates, and you trust that Canonical is doing a good job keeping things patched, you may find it's not terribly necessary to keep packages up to date. If the server is working without fault, well... it's working.
Usually, in this case you would want to use apt-get dist-upgrade
If you do not wish to run dist-upgrade by fear of breaking something by an accident removal, you can also tell apt-get to upgrade only the packages that were kept back, like this:
In your case:
sudo apt-get install linux-headers-server linux-image-server linux-server
Just specify the packages from the list that apt-get gave you (i.e. "The following packages have been kept back").
Best Answer
That banner you're talking about is called MOTD (Message Of The Day). It appears to be a bug which can be work-arounded by deleting the
/etc/motd.tailfile.