/
Applying Pending Security Updates on SNS Nodes

Applying Pending Security Updates on SNS Nodes

Important Considerations

  • An active internet connection is required to update APT packages on the system.

  • A system reboot may be required if critical components (such as the Linux kernel) were updated during the process.

  • It is strongly recommended to perform these operations during a maintenance window or during off-peak hours to avoid service interruptions.

Overview

In some cases, the Cluster Security section of the web UI may display a warning stating:
"Pending operating system security updates have not yet been applied."

3d938bfb-ab6b-443c-8e7b-70a6bf1f2d85.png

This indicates that the operating system on the SNS node has not yet applied the latest available operating system security updates. While these settings are regularly applied through scheduled updates, applying them promptly helps maintain the overall security posture of the system.

This document provides step-by-step instructions to resolve this issue by identifying and applying the pending operating system security updates. These operations should be performed during a maintenance window or during non-peak hours to minimize service disruption.

Resolution Steps

Follow the instructions below to apply the pending security settings:

  1. Connect to the Node via SSH.

    1. Use SSH to log in to the target machine.

      ssh <username>@<server-ip>

    2. Switch to the Root User.

      sudo -i

  2. Check for Pending application package updates that are classed as security. Run the following command to view packages with pending security-related updates:

    apt list --upgradable | grep security
    image-20250708-083907.png

This lists all packages that have security settings available.

  1. Update Package Lists: Ensure the package database is up to date before applying settings.

    sudo apt-get update
    image-20250708-084043.png

  1. Apply Security Updates.

    1. Upgrade all upgradable packages, including those related to security.

      sudo apt-get upgrade

    2. You may be prompted to confirm the upgrade process. Review the list of packages and type Y to proceed.

      image-20250708-084709.png

    3. During the upgrade process, you may encounter prompts related to configuration files, such as:

      image-20250708-113621.png

      When you see this prompt, it is recommended to click N to keep your current configuration file.
      This helps preserve any custom or environment-specific settings you may have applied, and prevents them from being overwritten by the default package version.

    4. You might also see a screen asking to restart services. Use the Tab key to highlight OK, then click Enter to continue.

      image-20250708-095527.png

  2. After completing the upgrade, verify if any settings are still pending. If no output is returned, all relevant security settings have been applied.

    apt list --upgradable | grep security
    image-20250725-071938.png

  3. If some packages are still listed, upgrade them individually using the following command format. Example Command:

    apt upgrade linux-generic
    image-20250725-072058.png

  4. Once all settings have been applied, refresh the Cluster Security section in the UI. The warning message "Pending operating system security updates have not yet been applied" should no longer be visible.