UBUNTU: Expanded Security Maintenance for Applications is not enabled.

[nelsonic]

Just logged into the Hetzner #97 VM and got the following message:

Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-45-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Sat Nov 30 06:50:15 AM UTC 2024

  System load:  0.14               Processes:             156
  Usage of /:   15.0% of 37.23GB   Users logged in:       0
  Memory usage: 19%                IPv4 address for eth0: 116.202.31.52
  Swap usage:   0%                 IPv6 address for eth0: 2a01:4f8:c013:47fa::1

Expanded Security Maintenance for Applications is not enabled.

33 updates can be applied immediately.
To see these additional updates run: apt list --upgradable

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status


*** System restart required ***

Need to make sure all security/maintenance patches are automatically applied to the VM.

[nelsonic]

Reading: https://askubuntu.com/questions/1494660/esm-apps-are-disabled-even-though-they-are-enabled

Edit: sadly, not very helpful ...

[nelsonic]

Ah ... it's a support plan from Canonical ... https://ubuntu.com/security/esm
https://unix.stackexchange.com/questions/735556/expanded-security-maintenance-is-not-enabled-on-ubuntu-machine

They charge $500/machine/year ... 💸
https://ubuntu.com/pro/subscribe

Obviously I wouldn't mind paying this if we are making money from the servers. 💭
But during the setup phase of a project this is ridiculous! 💰 🔥

[nelsonic]

Instead ... just going to stick to the old manual update command: https://askubuntu.com/questions/733434/one-single-command-to-update-everything-in-ubuntu

[nelsonic]

The command:

sudo apt update -y && sudo apt full-upgrade -y && sudo apt autoremove -y && sudo apt clean -y && sudo apt autoclean -y

Tail of the output:

Scanning processes...                                                                      
Scanning candidates...                                                                     
Scanning linux images...                                                                   

Pending kernel upgrade!
Running kernel version:
  6.8.0-45-generic
Diagnostics:
  The currently running kernel version is not the expected kernel version
6.8.0-49-generic.

Restarting the system to load the new kernel will not be handled automatically, so you
should consider rebooting.

Restarting services...
 /etc/needrestart/restart.d/systemd-manager
 systemctl restart atd.service containerd.service cron.service packagekit.service ssh.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-timesyncd.service systemd-udevd.service

Service restarts being deferred:
 /etc/needrestart/restart.d/dbus.service
 systemctl restart systemd-logind.service
 systemctl restart unattended-upgrades.service

No containers need to be restarted.

User sessions running outdated binaries:
 root @ user manager service: systemd[40610]

No VM guests are running outdated hypervisor (qemu) binaries on this host.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done

[nelsonic]

exiting the ssh session and re-connecting, the message has changed to:

Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-45-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Sat Nov 30 07:26:27 AM UTC 2024

  System load:  0.05               Processes:             161
  Usage of /:   15.0% of 37.23GB   Users logged in:       0
  Memory usage: 19%                IPv4 address for eth0: 116.202.31.52
  Swap usage:   0%                 IPv6 address for eth0: 2a01:4f8:c013:47fa::1

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status


*** System restart required ***
Last login: Sat Nov 30 06:50:16 2024 from 82.155.24.7

There are no longer any updates require. 0 updates can be applied immediately.
But there is still a message saying:

*** System restart required ***

[nelsonic]

Following: https://askubuntu.com/questions/258297/should-restart-the-system-when-see-system-restart-required
Ran the command:

sudo reboot

Output:

Broadcast message from root@ubuntu-4gb-fsn1-2-deploy on pts/1 (Sat 2024-11-30 07:31:59 UTC):

The system will reboot now!

root@ubuntu-4gb-fsn1-2-deploy:~# Connection to 116.202.31.52 closed by remote host.
Connection to 116.202.31.52 closed.

[nelsonic]

Now when re-authenticating to the instance see:

Welcome to Ubuntu 24.04.1 LTS (GNU/Linux 6.8.0-49-generic x86_64)

 * Documentation:  https://help.ubuntu.com
 * Management:     https://landscape.canonical.com
 * Support:        https://ubuntu.com/pro

 System information as of Sat Nov 30 07:34:19 AM UTC 2024

  System load:  0.09               Processes:             162
  Usage of /:   14.9% of 37.23GB   Users logged in:       0
  Memory usage: 8%                 IPv4 address for eth0: 116.202.31.52
  Swap usage:   0%                 IPv6 address for eth0: 2a01:4f8:c013:47fa::1

Expanded Security Maintenance for Applications is not enabled.

0 updates can be applied immediately.

Enable ESM Apps to receive additional future security updates.
See https://ubuntu.com/esm or run: sudo pro status

Last login: Sat Nov 30 07:26:27 2024 from 82.155.24.7

[nelsonic]

So the server is fully up-to-date and restarted. ✅

Next: automate it!