【情報収集】OpenSSHに関する脆弱性「CVE-2024-6387」について調べてみた

こんにちは、キクです。

本記事は、僕が情報収集で学んだことをアウトプットするシリーズになります。

今回は先日公表されたOpenSSHの脆弱性『CVE-2024-6387』について書いていこうと思います。

本記事の内容

CVE-2024-6387とは
影響のあるバージョン
修正済みバージョン
解決策 / 緩和策
ローカル環境での実機確認
- CentOS 7
- Ubuntu 22.04
参考情報

それでは、よろしくお願いします。

注意事項

本記事の内容は個人レベルでの情報収集が目的です。

そのため、本記事には網羅性の欠如や誤った情報が含まれる可能性もありますが、ご了承ください。

CVE-2024-6387とは

2024年7月1日に発表されたOpenSSHに関する脆弱性（レベル：Critical）

主な影響

リモートから認証なしで任意コードを実行される可能性（RCE）
リモートからSSHDのクラッシュを引き起こされる可能性

今回の件は、2006年に報告された脆弱性「CVE-2006-5051」の回帰策に起因していることが判明。
回帰の意味合いとしては、一度修正された欠陥がその後の変更やアップデートにより意図せず再投入されてしまったことを指す。

具体的には2020年10月に導入された「OpenSSH 8.5p1」により回帰しており、今回の事象の「影響あり」とされているバージョンである。

影響のあるバージョン

以下のバージョンが「脆弱性あり」とされている。

脆弱性のあるバージョン

OpenSSH 4.4p1未満

CVE-2006-5051およびCVE-2008-4109のパッチが適用されていなければ脆弱性あり

OpenSSH 8.5p1 ～ 9.7p1

回帰バグにより脆弱性が発生

以下のバージョンは「CVE-2006-5051」および「CVE-2008-4109」のパッチが適用済みのバージョンであるため「脆弱性なし」とされている。

脆弱性のないバージョン

OpenSSH 4.4p1 ～ 8.5p1未満

修正済みバージョン

各ディストリビュージョンおよびOSバージョンによって異なる。

本件に関する各ディストリビュージョン毎の対応方法は、以下のリンクから確認することができる。

Red Hat Enterprise Linux / CentOS
https://access.redhat.com/security/cve/CVE-2024-6387
Ubuntu
https://ubuntu.com/security/CVE-2024-6387
Debian
https://security-tracker.debian.org/tracker/CVE-2024-6387
SUSE / openSUSE
https://www.suse.com/security/cve/CVE-2024-6387.html

解決策 / 緩和策

最も確実性が高いのは「CVE-2024-6387」の修正済みバージョンに上げてしまうことではあるが、即時実行するのが難しい環境もある。

SSHの設定ファイル「sshd_config」において「LoginGraceTime」という項目を修正/追加するという緩和策もあるとのこと。

[原文]
Set LoginGraceTime to 0 in /etc/ssh/sshd_config.
This makes sshd vulnerable to a denial of service (the exhaustion of all MaxStartups connections),
but it makes it safe from this vulnerability.

[翻訳]
/etc/ssh/sshd_config で LoginGraceTime を 0 に設定します。
これにより、sshd はサービス拒否 (すべての MaxStartups 接続の枯渇) に対して脆弱になりますが、
この脆弱性からは保護されます。
参考：CVE-2024-6387（Ubuntu）

ローカル環境での実機確認

ローカルに以下2つの学習用環境があったので、試しに確認と対応を行ってみました。

CentOS 7
Ubuntu 22.04

CentOS 7

[root@server-centos ~]# cat /etc/os-release
NAME="CentOS Linux"
VERSION="7 (Core)"
ID="centos"
ID_LIKE="rhel fedora"
VERSION_ID="7"
PRETTY_NAME="CentOS Linux 7 (Core)"
ANSI_COLOR="0;31"
CPE_NAME="cpe:/o:centos:centos:7"
HOME_URL="<https://www.centos.org/>"
BUG_REPORT_URL="<https://bugs.centos.org/>"

CENTOS_MANTISBT_PROJECT="CentOS-7"
CENTOS_MANTISBT_PROJECT_VERSION="7"
REDHAT_SUPPORT_PRODUCT="centos"
REDHAT_SUPPORT_PRODUCT_VERSION="7"

導入済みパッケージバージョンの確認

[root@server-centos ~]# rpm -qa | grep openssh
openssh-server-7.4p1-23.el7_9.x86_64
openssh-7.4p1-23.el7_9.x86_64
openssh-clients-7.4p1-23.el7_9.x86_64

本件の「影響ありのバージョン」に含まれないバージョンであるため対応不要であることが分かる。

Ubuntu 22.04

root@server-ubuntu:~# cat /etc/os-release
PRETTY_NAME="Ubuntu 22.04.4 LTS"
NAME="Ubuntu"
VERSION_ID="22.04"
VERSION="22.04.4 LTS (Jammy Jellyfish)"
VERSION_CODENAME=jammy
ID=ubuntu
ID_LIKE=debian
HOME_URL="<https://www.ubuntu.com/>"
SUPPORT_URL="<https://help.ubuntu.com/>"
BUG_REPORT_URL="<https://bugs.launchpad.net/ubuntu/>"
PRIVACY_POLICY_URL="<https://www.ubuntu.com/legal/terms-and-policies/privacy-policy>"
UBUNTU_CODENAME=jammy

導入済みパッケージバージョンの確認

root@server-ubuntu:~# dpkg -l | grep openssh
ii  openssh-client                         1:8.9p1-3ubuntu0.6                      amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server                         1:8.9p1-3ubuntu0.6                      amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server                    1:8.9p1-3ubuntu0.6                      amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines

影響のあるバージョン「OpenSSH 8.5p1～9.7p1」に含まれるため、対応が必要なバージョンであることが分かる。

以下の情報より、作業環境である「Ubuntu 22.04」においては「1:8.9p1-3ubuntu0.10」にて本件に関する修正が行われていることが分かる。

出典：USN-6859-1: OpenSSH vulnerability

今回はこのバージョンになるように作業を行う。

root@server-ubuntu:~# apt list --upgradable |grep openssh

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

openssh-client/jammy-updates,jammy-security 1:8.9p1-3ubuntu0.7 amd64 [upgradable from: 1:8.9p1-3ubuntu0.6]
openssh-server/jammy-updates,jammy-security 1:8.9p1-3ubuntu0.7 amd64 [upgradable from: 1:8.9p1-3ubuntu0.6]
openssh-sftp-server/jammy-updates,jammy-security 1:8.9p1-3ubuntu0.7 amd64 [upgradable from: 1:8.9p1-3ubuntu0.6]

現在のままだと「8.9p1-3ubuntu0.7」までしか上げることができない。

そのため、以下のコマンドでバージョンアップ可能なパッケージリストを更新する。

root@server-ubuntu:~# apt update

実行例

root@server-ubuntu:~# apt update
Get:1 http://security.ubuntu.com/ubuntu jammy-security InRelease [129 kB]
Hit:2 http://jp.archive.ubuntu.com/ubuntu jammy InRelease
Get:3 http://jp.archive.ubuntu.com/ubuntu jammy-updates InRelease [128 kB]
Get:4 http://jp.archive.ubuntu.com/ubuntu jammy-backports InRelease [127 kB]
Get:5 http://security.ubuntu.com/ubuntu jammy-security/main amd64 Packages [1,579 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages [1,789 kB]
Get:7 http://security.ubuntu.com/ubuntu jammy-security/main Translation-en [268 kB]
Get:8 http://security.ubuntu.com/ubuntu jammy-security/restricted amd64 Packages [2,021 kB]
Get:9 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main Translation-en [325 kB]
Get:10 http://jp.archive.ubuntu.com/ubuntu jammy-updates/restricted amd64 Packages [2,082 kB]
Get:11 http://security.ubuntu.com/ubuntu jammy-security/restricted Translation-en [345 kB]
Get:12 http://security.ubuntu.com/ubuntu jammy-security/universe amd64 Packages [878 kB]
Get:13 http://security.ubuntu.com/ubuntu jammy-security/universe Translation-en [171 kB]
Get:14 http://security.ubuntu.com/ubuntu jammy-security/multiverse amd64 Packages [37.2 kB]
Get:15 http://jp.archive.ubuntu.com/ubuntu jammy-updates/restricted Translation-en [354 kB]
Get:16 http://jp.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 Packages [1,095 kB]
Get:17 http://jp.archive.ubuntu.com/ubuntu jammy-updates/universe Translation-en [254 kB]
Get:18 http://jp.archive.ubuntu.com/ubuntu jammy-updates/multiverse amd64 Packages [43.3 kB]
Get:19 http://jp.archive.ubuntu.com/ubuntu jammy-updates/multiverse Translation-en [10.8 kB]
Get:20 http://jp.archive.ubuntu.com/ubuntu jammy-backports/main amd64 Packages [67.1 kB]
Get:21 http://jp.archive.ubuntu.com/ubuntu jammy-backports/universe amd64 Packages [27.6 kB]
Get:22 http://jp.archive.ubuntu.com/ubuntu jammy-backports/universe Translation-en [16.5 kB]
Fetched 11.7 MB in 11s (1,088 kB/s)
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
57 packages can be upgraded. Run 'apt list --upgradable' to see them.

再度確認すると「8.9p1-3ubuntu0.10」まで上げることができるようになった。

root@server-ubuntu:~# apt list --upgradable |grep openssh

WARNING: apt does not have a stable CLI interface. Use with caution in scripts.

openssh-client/jammy-updates,jammy-security 1:8.9p1-3ubuntu0.10 amd64 [upgradable from: 1:8.9p1-3ubuntu0.6]
openssh-server/jammy-updates,jammy-security 1:8.9p1-3ubuntu0.10 amd64 [upgradable from: 1:8.9p1-3ubuntu0.6]
openssh-sftp-server/jammy-updates,jammy-security 1:8.9p1-3ubuntu0.10 amd64 [upgradable from: 1:8.9p1-3ubuntu0.6]

実際にOpenSSHのパッケージをバージョンアップしていく。

root@server-ubuntu:~# apt-get upgrade openssh-server

実行例

root@server-ubuntu:~# apt-get upgrade openssh-server
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following packages have been kept back:
  linux-generic linux-headers-generic linux-image-generic python3-update-manager ubuntu-advantage-tools ubuntu-pro-client-l10n update-manager-core
The following packages will be upgraded:
  apt apt-utils bind9-dnsutils bind9-host bind9-libs cloud-init containerd coreutils docker.io dpkg ethtool git git-man intel-microcode landscape-common
  libapt-pkg6.0 libarchive13 libc-bin libc6 libgpgme11 libldap-2.5-0 libldap-common libnetplan0 libssl3 libtss2-esys-3.0.2-0 libtss2-mu0 libtss2-sys1
  libtss2-tcti-cmd0 libtss2-tcti-device0 libtss2-tcti-mssim0 libtss2-tcti-swtpm0 linux-firmware locales netplan.io openssh-client openssh-server
  openssh-sftp-server openssl python3-idna python3-jinja2 runc snapd tcpdump update-notifier-common vim vim-common vim-runtime vim-tiny wget xxd
50 upgraded, 0 newly installed, 0 to remove and 7 not upgraded.
Need to get 411 MB of archives.
After this operation, 22.9 MB of additional disk space will be used.
Do you want to continue? [Y/n] y
Get:1 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 coreutils amd64 8.32-4.1ubuntu1.2 [1,437 kB]
Get:2 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc6 amd64 2.35-0ubuntu3.8 [3,235 kB]
Get:3 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libapt-pkg6.0 amd64 2.4.12 [912 kB]
Get:4 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 dpkg amd64 1.21.1ubuntu2.3 [1,239 kB]
Get:5 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libc-bin amd64 2.35-0ubuntu3.8 [706 kB]
Get:6 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 apt amd64 2.4.12 [1,363 kB]
Get:7 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 apt-utils amd64 2.4.12 [211 kB]
Get:8 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 git-man all 1:2.34.1-1ubuntu1.11 [955 kB]
Get:9 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 git amd64 1:2.34.1-1ubuntu1.11 [3,165 kB]
Get:10 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libssl3 amd64 3.0.2-0ubuntu1.16 [1,905 kB]
Get:11 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-sftp-server amd64 1:8.9p1-3ubuntu0.10 [38.9 kB]
Get:12 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-server amd64 1:8.9p1-3ubuntu0.10 [435 kB]
Get:13 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssh-client amd64 1:8.9p1-3ubuntu0.10 [906 kB]
Get:14 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 update-notifier-common all 3.192.54.8 [185 kB]
Get:15 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 netplan.io amd64 0.106.1-7ubuntu0.22.04.4 [106 kB]
Get:16 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libnetplan0 amd64 0.106.1-7ubuntu0.22.04.4 [111 kB]
Get:17 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 locales all 2.35-0ubuntu3.8 [4,245 kB]
Get:18 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 openssl amd64 3.0.2-0ubuntu1.16 [1,186 kB]
Get:19 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 vim amd64 2:8.2.3995-1ubuntu2.17 [1,734 kB]
Get:20 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 vim-tiny amd64 2:8.2.3995-1ubuntu2.17 [709 kB]
Get:21 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 vim-runtime all 2:8.2.3995-1ubuntu2.17 [6,827 kB]
Get:22 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 xxd amd64 2:8.2.3995-1ubuntu2.17 [53.7 kB]
Get:23 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 vim-common all 2:8.2.3995-1ubuntu2.17 [81.5 kB]
Get:24 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9-host amd64 1:9.18.24-0ubuntu0.22.04.1 [52.5 kB]
Get:25 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9-dnsutils amd64 1:9.18.24-0ubuntu0.22.04.1 [157 kB]
Get:26 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 bind9-libs amd64 1:9.18.24-0ubuntu0.22.04.1 [1,247 kB]
Get:27 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 tcpdump amd64 4.99.1-3ubuntu0.2 [501 kB]
Get:28 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 wget amd64 1.21.2-2ubuntu1.1 [339 kB]
Get:29 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 runc amd64 1.1.12-0ubuntu2~22.04.1 [8,405 kB]
Get:30 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 containerd amd64 1.7.12-0ubuntu2~22.04.1 [37.8 MB]
Get:31 http://jp.archive.ubuntu.com/ubuntu jammy-updates/universe amd64 docker.io amd64 24.0.7-0ubuntu2~22.04.1 [28.8 MB]
Get:32 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 ethtool amd64 1:5.16-1ubuntu0.1 [207 kB]
Get:33 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 landscape-common amd64 23.02-0ubuntu1~22.04.2 [88.7 kB]
Get:34 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libarchive13 amd64 3.6.0-1ubuntu1.1 [369 kB]
Get:35 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libgpgme11 amd64 1.16.0-1.2ubuntu4.2 [136 kB]
Get:36 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libldap-2.5-0 amd64 2.5.17+dfsg-0ubuntu0.22.04.1 [183 kB]
Get:37 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libldap-common all 2.5.17+dfsg-0ubuntu0.22.04.1 [15.8 kB]
Get:38 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtss2-mu0 amd64 3.2.0-1ubuntu1.1 [65.6 kB]
Get:39 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtss2-tcti-cmd0 amd64 3.2.0-1ubuntu1.1 [16.7 kB]
Get:40 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtss2-tcti-device0 amd64 3.2.0-1ubuntu1.1 [15.3 kB]
Get:41 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtss2-tcti-mssim0 amd64 3.2.0-1ubuntu1.1 [15.4 kB]
Get:42 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtss2-tcti-swtpm0 amd64 3.2.0-1ubuntu1.1 [15.4 kB]
Get:43 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtss2-sys1 amd64 3.2.0-1ubuntu1.1 [41.0 kB]
Get:44 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 libtss2-esys-3.0.2-0 amd64 3.2.0-1ubuntu1.1 [150 kB]
Get:45 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 linux-firmware all 20220329.git681281e4-0ubuntu3.31 [267 MB]
Get:46 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 python3-idna all 3.3-1ubuntu0.1 [52.1 kB]
Get:47 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 python3-jinja2 all 3.0.3-1ubuntu0.2 [108 kB]
Get:48 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 snapd amd64 2.63+22.04 [25.9 MB]
Get:49 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 cloud-init all 24.1.3-0ubuntu1~22.04.5 [560 kB]
Get:50 http://jp.archive.ubuntu.com/ubuntu jammy-updates/main amd64 intel-microcode amd64 3.20240514.0ubuntu0.22.04.1 [6,856 kB]
Fetched 411 MB in 4min 41s (1,463 kB/s)
Extracting templates from packages: 100%
Preconfiguring packages ...
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../coreutils_8.32-4.1ubuntu1.2_amd64.deb ...
Unpacking coreutils (8.32-4.1ubuntu1.2) over (8.32-4.1ubuntu1.1) ...
Setting up coreutils (8.32-4.1ubuntu1.2) ...
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../libc6_2.35-0ubuntu3.8_amd64.deb ...
Unpacking libc6:amd64 (2.35-0ubuntu3.8) over (2.35-0ubuntu3.7) ...
Setting up libc6:amd64 (2.35-0ubuntu3.8) ...
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../libapt-pkg6.0_2.4.12_amd64.deb ...
Unpacking libapt-pkg6.0:amd64 (2.4.12) over (2.4.11) ...
Setting up libapt-pkg6.0:amd64 (2.4.12) ...
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../dpkg_1.21.1ubuntu2.3_amd64.deb ...
Unpacking dpkg (1.21.1ubuntu2.3) over (1.21.1ubuntu2.2) ...
Setting up dpkg (1.21.1ubuntu2.3) ...
dpkg-db-backup.service is a disabled or a static unit not running, not starting it.
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../libc-bin_2.35-0ubuntu3.8_amd64.deb ...
Unpacking libc-bin (2.35-0ubuntu3.8) over (2.35-0ubuntu3.7) ...
Setting up libc-bin (2.35-0ubuntu3.8) ...
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../archives/apt_2.4.12_amd64.deb ...
Unpacking apt (2.4.12) over (2.4.11) ...
Setting up apt (2.4.12) ...
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../apt-utils_2.4.12_amd64.deb ...
Unpacking apt-utils (2.4.12) over (2.4.11) ...
Preparing to unpack .../git-man_1%3a2.34.1-1ubuntu1.11_all.deb ...
Unpacking git-man (1:2.34.1-1ubuntu1.11) over (1:2.34.1-1ubuntu1.10) ...
Preparing to unpack .../git_1%3a2.34.1-1ubuntu1.11_amd64.deb ...
Unpacking git (1:2.34.1-1ubuntu1.11) over (1:2.34.1-1ubuntu1.10) ...
Preparing to unpack .../libssl3_3.0.2-0ubuntu1.16_amd64.deb ...
Unpacking libssl3:amd64 (3.0.2-0ubuntu1.16) over (3.0.2-0ubuntu1.15) ...
Setting up libssl3:amd64 (3.0.2-0ubuntu1.16) ...
(Reading database ... 111869 files and directories currently installed.)
Preparing to unpack .../00-openssh-sftp-server_1%3a8.9p1-3ubuntu0.10_amd64.deb ...
Unpacking openssh-sftp-server (1:8.9p1-3ubuntu0.10) over (1:8.9p1-3ubuntu0.6) ...
Preparing to unpack .../01-openssh-server_1%3a8.9p1-3ubuntu0.10_amd64.deb ...
Unpacking openssh-server (1:8.9p1-3ubuntu0.10) over (1:8.9p1-3ubuntu0.6) ...
Preparing to unpack .../02-openssh-client_1%3a8.9p1-3ubuntu0.10_amd64.deb ...
Unpacking openssh-client (1:8.9p1-3ubuntu0.10) over (1:8.9p1-3ubuntu0.6) ...
Preparing to unpack .../03-update-notifier-common_3.192.54.8_all.deb ...
Unpacking update-notifier-common (3.192.54.8) over (3.192.54.6) ...
Preparing to unpack .../04-netplan.io_0.106.1-7ubuntu0.22.04.4_amd64.deb ...
Unpacking netplan.io (0.106.1-7ubuntu0.22.04.4) over (0.106.1-7ubuntu0.22.04.2) ...
Preparing to unpack .../05-libnetplan0_0.106.1-7ubuntu0.22.04.4_amd64.deb ...
Unpacking libnetplan0:amd64 (0.106.1-7ubuntu0.22.04.4) over (0.106.1-7ubuntu0.22.04.2) ...
Preparing to unpack .../06-locales_2.35-0ubuntu3.8_all.deb ...
Unpacking locales (2.35-0ubuntu3.8) over (2.35-0ubuntu3.7) ...
Preparing to unpack .../07-openssl_3.0.2-0ubuntu1.16_amd64.deb ...
Unpacking openssl (3.0.2-0ubuntu1.16) over (3.0.2-0ubuntu1.15) ...
Preparing to unpack .../08-vim_2%3a8.2.3995-1ubuntu2.17_amd64.deb ...
Unpacking vim (2:8.2.3995-1ubuntu2.17) over (2:8.2.3995-1ubuntu2.16) ...
Preparing to unpack .../09-vim-tiny_2%3a8.2.3995-1ubuntu2.17_amd64.deb ...
Unpacking vim-tiny (2:8.2.3995-1ubuntu2.17) over (2:8.2.3995-1ubuntu2.16) ...
Preparing to unpack .../10-vim-runtime_2%3a8.2.3995-1ubuntu2.17_all.deb ...
Unpacking vim-runtime (2:8.2.3995-1ubuntu2.17) over (2:8.2.3995-1ubuntu2.16) ...
Preparing to unpack .../11-xxd_2%3a8.2.3995-1ubuntu2.17_amd64.deb ...
Unpacking xxd (2:8.2.3995-1ubuntu2.17) over (2:8.2.3995-1ubuntu2.16) ...
Preparing to unpack .../12-vim-common_2%3a8.2.3995-1ubuntu2.17_all.deb ...
Unpacking vim-common (2:8.2.3995-1ubuntu2.17) over (2:8.2.3995-1ubuntu2.16) ...
Preparing to unpack .../13-bind9-host_1%3a9.18.24-0ubuntu0.22.04.1_amd64.deb ...
Unpacking bind9-host (1:9.18.24-0ubuntu0.22.04.1) over (1:9.18.18-0ubuntu0.22.04.2) ...
Preparing to unpack .../14-bind9-dnsutils_1%3a9.18.24-0ubuntu0.22.04.1_amd64.deb ...
Unpacking bind9-dnsutils (1:9.18.24-0ubuntu0.22.04.1) over (1:9.18.18-0ubuntu0.22.04.2) ...
Preparing to unpack .../15-bind9-libs_1%3a9.18.24-0ubuntu0.22.04.1_amd64.deb ...
Unpacking bind9-libs:amd64 (1:9.18.24-0ubuntu0.22.04.1) over (1:9.18.18-0ubuntu0.22.04.2) ...
Preparing to unpack .../16-tcpdump_4.99.1-3ubuntu0.2_amd64.deb ...
Unpacking tcpdump (4.99.1-3ubuntu0.2) over (4.99.1-3ubuntu0.1) ...
Preparing to unpack .../17-wget_1.21.2-2ubuntu1.1_amd64.deb ...
Unpacking wget (1.21.2-2ubuntu1.1) over (1.21.2-2ubuntu1) ...
Preparing to unpack .../18-runc_1.1.12-0ubuntu2~22.04.1_amd64.deb ...
Unpacking runc (1.1.12-0ubuntu2~22.04.1) over (1.1.7-0ubuntu1~22.04.2) ...
Preparing to unpack .../19-containerd_1.7.12-0ubuntu2~22.04.1_amd64.deb ...
Unpacking containerd (1.7.12-0ubuntu2~22.04.1) over (1.7.2-0ubuntu1~22.04.1) ...
Preparing to unpack .../20-docker.io_24.0.7-0ubuntu2~22.04.1_amd64.deb ...
Unpacking docker.io (24.0.7-0ubuntu2~22.04.1) over (24.0.5-0ubuntu1~22.04.1) ...
Preparing to unpack .../21-ethtool_1%3a5.16-1ubuntu0.1_amd64.deb ...
Unpacking ethtool (1:5.16-1ubuntu0.1) over (1:5.16-1) ...
Preparing to unpack .../22-landscape-common_23.02-0ubuntu1~22.04.2_amd64.deb ...
Unpacking landscape-common (23.02-0ubuntu1~22.04.2) over (19.12-0ubuntu13) ...
Preparing to unpack .../23-libarchive13_3.6.0-1ubuntu1.1_amd64.deb ...
Unpacking libarchive13:amd64 (3.6.0-1ubuntu1.1) over (3.6.0-1ubuntu1) ...
Preparing to unpack .../24-libgpgme11_1.16.0-1.2ubuntu4.2_amd64.deb ...
Unpacking libgpgme11:amd64 (1.16.0-1.2ubuntu4.2) over (1.16.0-1.2ubuntu4.1) ...
Preparing to unpack .../25-libldap-2.5-0_2.5.17+dfsg-0ubuntu0.22.04.1_amd64.deb ...
Unpacking libldap-2.5-0:amd64 (2.5.17+dfsg-0ubuntu0.22.04.1) over (2.5.16+dfsg-0ubuntu0.22.04.2) ...
Preparing to unpack .../26-libldap-common_2.5.17+dfsg-0ubuntu0.22.04.1_all.deb ...
Unpacking libldap-common (2.5.17+dfsg-0ubuntu0.22.04.1) over (2.5.16+dfsg-0ubuntu0.22.04.2) ...
Preparing to unpack .../27-libtss2-mu0_3.2.0-1ubuntu1.1_amd64.deb ...
Unpacking libtss2-mu0:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../28-libtss2-tcti-cmd0_3.2.0-1ubuntu1.1_amd64.deb ...
Unpacking libtss2-tcti-cmd0:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../29-libtss2-tcti-device0_3.2.0-1ubuntu1.1_amd64.deb ...
Unpacking libtss2-tcti-device0:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../30-libtss2-tcti-mssim0_3.2.0-1ubuntu1.1_amd64.deb ...
Unpacking libtss2-tcti-mssim0:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../31-libtss2-tcti-swtpm0_3.2.0-1ubuntu1.1_amd64.deb ...
Unpacking libtss2-tcti-swtpm0:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../32-libtss2-sys1_3.2.0-1ubuntu1.1_amd64.deb ...
Unpacking libtss2-sys1:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../33-libtss2-esys-3.0.2-0_3.2.0-1ubuntu1.1_amd64.deb ...
Unpacking libtss2-esys-3.0.2-0:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../34-linux-firmware_20220329.git681281e4-0ubuntu3.31_all.deb ...
Unpacking linux-firmware (20220329.git681281e4-0ubuntu3.31) over (20220329.git681281e4-0ubuntu3.29) ...
Preparing to unpack .../35-python3-idna_3.3-1ubuntu0.1_all.deb ...
Unpacking python3-idna (3.3-1ubuntu0.1) over (3.3-1) ...
Preparing to unpack .../36-python3-jinja2_3.0.3-1ubuntu0.2_all.deb ...
Unpacking python3-jinja2 (3.0.3-1ubuntu0.2) over (3.0.3-1ubuntu0.1) ...
Preparing to unpack .../37-snapd_2.63+22.04_amd64.deb ...
Unpacking snapd (2.63+22.04) over (2.58+22.04.1) ...
Preparing to unpack .../38-cloud-init_24.1.3-0ubuntu1~22.04.5_all.deb ...
Unpacking cloud-init (24.1.3-0ubuntu1~22.04.5) over (23.3.3-0ubuntu0~22.04.1) ...
Preparing to unpack .../39-intel-microcode_3.20240514.0ubuntu0.22.04.1_amd64.deb ...
Unpacking intel-microcode (3.20240514.0ubuntu0.22.04.1) over (3.20231114.0ubuntu0.22.04.1) ...
Setting up tcpdump (4.99.1-3ubuntu0.2) ...
Installing new version of config file /etc/apparmor.d/usr.bin.tcpdump ...
Setting up apt-utils (2.4.12) ...
Setting up wget (1.21.2-2ubuntu1.1) ...
Setting up bind9-libs:amd64 (1:9.18.24-0ubuntu0.22.04.1) ...
Setting up linux-firmware (20220329.git681281e4-0ubuntu3.31) ...
update-initramfs: Generating /boot/initrd.img-5.15.0-107-generic
update-initramfs: Generating /boot/initrd.img-5.15.0-105-generic
Setting up libarchive13:amd64 (3.6.0-1ubuntu1.1) ...
Setting up openssh-client (1:8.9p1-3ubuntu0.10) ...
Setting up update-notifier-common (3.192.54.8) ...
update-notifier-download.service is a disabled or a static unit not running, not starting it.
update-notifier-motd.service is a disabled or a static unit not running, not starting it.
Setting up intel-microcode (3.20240514.0ubuntu0.22.04.1) ...
update-initramfs: deferring update (trigger activated)
intel-microcode: microcode will be updated at next boot
Setting up libtss2-mu0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up libtss2-tcti-swtpm0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up libnetplan0:amd64 (0.106.1-7ubuntu0.22.04.4) ...
Setting up locales (2.35-0ubuntu3.8) ...
Generating locales (this might take a while)...
  en_US.UTF-8... done
Generation complete.
Setting up landscape-common (23.02-0ubuntu1~22.04.2) ...
Setting up libldap-common (2.5.17+dfsg-0ubuntu0.22.04.1) ...
Setting up libgpgme11:amd64 (1.16.0-1.2ubuntu4.2) ...
Setting up libldap-2.5-0:amd64 (2.5.17+dfsg-0ubuntu0.22.04.1) ...
Setting up xxd (2:8.2.3995-1ubuntu2.17) ...
Setting up libtss2-tcti-device0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up runc (1.1.12-0ubuntu2~22.04.1) ...
Setting up netplan.io (0.106.1-7ubuntu0.22.04.4) ...
Setting up python3-jinja2 (3.0.3-1ubuntu0.2) ...
Setting up libtss2-tcti-cmd0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up vim-common (2:8.2.3995-1ubuntu2.17) ...
Setting up python3-idna (3.3-1ubuntu0.1) ...
Setting up libtss2-tcti-mssim0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up git-man (1:2.34.1-1ubuntu1.11) ...
Setting up vim-runtime (2:8.2.3995-1ubuntu2.17) ...
Setting up containerd (1.7.12-0ubuntu2~22.04.1) ...
Setting up bind9-host (1:9.18.24-0ubuntu0.22.04.1) ...
Setting up openssl (3.0.2-0ubuntu1.16) ...
Setting up ethtool (1:5.16-1ubuntu0.1) ...
Setting up snapd (2.63+22.04) ...
Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real ...
snapd.failure.service is a disabled or a static unit not running, not starting it.
snapd.snap-repair.service is a disabled or a static unit not running, not starting it.
Failed to restart snapd.mounts-pre.target: Operation refused, unit snapd.mounts-pre.target may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status snapd.mounts-pre.target' for details.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 142.
Setting up openssh-sftp-server (1:8.9p1-3ubuntu0.10) ...
Setting up cloud-init (24.1.3-0ubuntu1~22.04.5) ...
Installing new version of config file /etc/cloud/cloud.cfg ...
Installing new version of config file /etc/cloud/cloud.cfg.d/05_logging.cfg ...
Installing new version of config file /etc/cloud/templates/chrony.conf.cos.tmpl ...
Installing new version of config file /etc/cloud/templates/chrony.conf.debian.tmpl ...
Installing new version of config file /etc/cloud/templates/chrony.conf.ubuntu.tmpl ...
Installing new version of config file /etc/cloud/templates/hosts.alpine.tmpl ...
Installing new version of config file /etc/cloud/templates/hosts.mariner.tmpl ...
Installing new version of config file /etc/cloud/templates/ntp.conf.ubuntu.tmpl ...
Installing new version of config file /etc/profile.d/Z99-cloud-locale-test.sh ...
Installing new version of config file /etc/profile.d/Z99-cloudinit-warnings.sh ...
Removing obsolete conffile /etc/cloud/clean.d/README ...
Setting up vim (2:8.2.3995-1ubuntu2.17) ...
Setting up openssh-server (1:8.9p1-3ubuntu0.10) ...
rescue-ssh.target is a disabled or a static unit not running, not starting it.
ssh.socket is a disabled or a static unit not running, not starting it.
Setting up libtss2-sys1:amd64 (3.2.0-1ubuntu1.1) ...
Setting up docker.io (24.0.7-0ubuntu2~22.04.1) ...
Unpacking libtss2-esys-3.0.2-0:amd64 (3.2.0-1ubuntu1.1) over (3.2.0-1ubuntu1) ...
Preparing to unpack .../34-linux-firmware_20220329.git681281e4-0ubuntu3.31_all.deb ...
Unpacking linux-firmware (20220329.git681281e4-0ubuntu3.31) over (20220329.git681281e4-0ubuntu3.29) ...
Preparing to unpack .../35-python3-idna_3.3-1ubuntu0.1_all.deb ...
Unpacking python3-idna (3.3-1ubuntu0.1) over (3.3-1) ...
Preparing to unpack .../36-python3-jinja2_3.0.3-1ubuntu0.2_all.deb ...
Unpacking python3-jinja2 (3.0.3-1ubuntu0.2) over (3.0.3-1ubuntu0.1) ...
Preparing to unpack .../37-snapd_2.63+22.04_amd64.deb ...
Unpacking snapd (2.63+22.04) over (2.58+22.04.1) ...
Preparing to unpack .../38-cloud-init_24.1.3-0ubuntu1~22.04.5_all.deb ...
Unpacking cloud-init (24.1.3-0ubuntu1~22.04.5) over (23.3.3-0ubuntu0~22.04.1) ...
Preparing to unpack .../39-intel-microcode_3.20240514.0ubuntu0.22.04.1_amd64.deb ...
Unpacking intel-microcode (3.20240514.0ubuntu0.22.04.1) over (3.20231114.0ubuntu0.22.04.1) ...
Setting up tcpdump (4.99.1-3ubuntu0.2) ...
Installing new version of config file /etc/apparmor.d/usr.bin.tcpdump ...
Setting up apt-utils (2.4.12) ...
Setting up wget (1.21.2-2ubuntu1.1) ...
Setting up bind9-libs:amd64 (1:9.18.24-0ubuntu0.22.04.1) ...
Setting up linux-firmware (20220329.git681281e4-0ubuntu3.31) ...
update-initramfs: Generating /boot/initrd.img-5.15.0-107-generic
update-initramfs: Generating /boot/initrd.img-5.15.0-105-generic
Setting up libarchive13:amd64 (3.6.0-1ubuntu1.1) ...
Setting up openssh-client (1:8.9p1-3ubuntu0.10) ...
Setting up update-notifier-common (3.192.54.8) ...
update-notifier-download.service is a disabled or a static unit not running, not starting it.
update-notifier-motd.service is a disabled or a static unit not running, not starting it.
Setting up intel-microcode (3.20240514.0ubuntu0.22.04.1) ...
update-initramfs: deferring update (trigger activated)
intel-microcode: microcode will be updated at next boot
Setting up libtss2-mu0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up libtss2-tcti-swtpm0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up libnetplan0:amd64 (0.106.1-7ubuntu0.22.04.4) ...
Setting up locales (2.35-0ubuntu3.8) ...
Generating locales (this might take a while)...
  en_US.UTF-8... done
Generation complete.
Setting up landscape-common (23.02-0ubuntu1~22.04.2) ...
Setting up libldap-common (2.5.17+dfsg-0ubuntu0.22.04.1) ...
Setting up libgpgme11:amd64 (1.16.0-1.2ubuntu4.2) ...
Setting up libldap-2.5-0:amd64 (2.5.17+dfsg-0ubuntu0.22.04.1) ...
Setting up xxd (2:8.2.3995-1ubuntu2.17) ...
Setting up libtss2-tcti-device0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up runc (1.1.12-0ubuntu2~22.04.1) ...
Setting up netplan.io (0.106.1-7ubuntu0.22.04.4) ...
Setting up python3-jinja2 (3.0.3-1ubuntu0.2) ...
Setting up libtss2-tcti-cmd0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up vim-common (2:8.2.3995-1ubuntu2.17) ...
Setting up python3-idna (3.3-1ubuntu0.1) ...
Setting up libtss2-tcti-mssim0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up git-man (1:2.34.1-1ubuntu1.11) ...
Setting up vim-runtime (2:8.2.3995-1ubuntu2.17) ...
Setting up containerd (1.7.12-0ubuntu2~22.04.1) ...
Setting up bind9-host (1:9.18.24-0ubuntu0.22.04.1) ...
Setting up openssl (3.0.2-0ubuntu1.16) ...
Setting up ethtool (1:5.16-1ubuntu0.1) ...
Setting up snapd (2.63+22.04) ...
Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real ...
snapd.failure.service is a disabled or a static unit not running, not starting it.
snapd.snap-repair.service is a disabled or a static unit not running, not starting it.
Failed to restart snapd.mounts-pre.target: Operation refused, unit snapd.mounts-pre.target may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status snapd.mounts-pre.target' for details.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 142.
Setting up openssh-sftp-server (1:8.9p1-3ubuntu0.10) ...
Setting up cloud-init (24.1.3-0ubuntu1~22.04.5) ...
Installing new version of config file /etc/cloud/cloud.cfg ...
Installing new version of config file /etc/cloud/cloud.cfg.d/05_logging.cfg ...
Installing new version of config file /etc/cloud/templates/chrony.conf.cos.tmpl ...
Installing new version of config file /etc/cloud/templates/chrony.conf.debian.tmpl ...
Installing new version of config file /etc/cloud/templates/chrony.conf.ubuntu.tmpl ...
Installing new version of config file /etc/cloud/templates/hosts.alpine.tmpl ...
Installing new version of config file /etc/cloud/templates/hosts.mariner.tmpl ...
Installing new version of config file /etc/cloud/templates/ntp.conf.ubuntu.tmpl ...
Installing new version of config file /etc/profile.d/Z99-cloud-locale-test.sh ...
Installing new version of config file /etc/profile.d/Z99-cloudinit-warnings.sh ...
Removing obsolete conffile /etc/cloud/clean.d/README ...
Setting up vim (2:8.2.3995-1ubuntu2.17) ...
Setting up openssh-server (1:8.9p1-3ubuntu0.10) ...
rescue-ssh.target is a disabled or a static unit not running, not starting it.
ssh.socket is a disabled or a static unit not running, not starting it.
Setting up libtss2-sys1:amd64 (3.2.0-1ubuntu1.1) ...
Setting up docker.io (24.0.7-0ubuntu2~22.04.1) ...
Setting up vim-tiny (2:8.2.3995-1ubuntu2.17) ...
Setting up libtss2-esys-3.0.2-0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up git (1:2.34.1-1ubuntu1.11) ...
Setting up bind9-dnsutils (1:9.18.24-0ubuntu0.22.04.1) ...
Processing triggers for mailcap (3.70+nmu1ubuntu1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.8) ...
Processing triggers for rsyslog (8.2112.0-2ubuntu2.2) ...
Processing triggers for ufw (0.36.1-4ubuntu0.1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for dbus (1.12.20-2ubuntu4.1) ...
Processing triggers for install-info (6.8-4build1) ...
Processing triggers for initramfs-tools (0.140ubuntu13.4) ...
update-initramfs: Generating /boot/initrd.img-5.15.0-107-generic
Scanning processes...
Scanning candidates...
Scanning linux images...

Running kernel seems to be up-to-date.

Restarting services...
update-initramfs: Generating /boot/initrd.img-5.15.0-105-generic
Setting up libarchive13:amd64 (3.6.0-1ubuntu1.1) ...
Setting up openssh-client (1:8.9p1-3ubuntu0.10) ...
Setting up update-notifier-common (3.192.54.8) ...
update-notifier-download.service is a disabled or a static unit not running, not starting it.
update-notifier-motd.service is a disabled or a static unit not running, not starting it.
Setting up intel-microcode (3.20240514.0ubuntu0.22.04.1) ...
update-initramfs: deferring update (trigger activated)
intel-microcode: microcode will be updated at next boot
Setting up libtss2-mu0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up libtss2-tcti-swtpm0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up libnetplan0:amd64 (0.106.1-7ubuntu0.22.04.4) ...
Setting up locales (2.35-0ubuntu3.8) ...
Generating locales (this might take a while)...
  en_US.UTF-8... done
Generation complete.
Setting up landscape-common (23.02-0ubuntu1~22.04.2) ...
Setting up libldap-common (2.5.17+dfsg-0ubuntu0.22.04.1) ...
Setting up libgpgme11:amd64 (1.16.0-1.2ubuntu4.2) ...
Setting up libldap-2.5-0:amd64 (2.5.17+dfsg-0ubuntu0.22.04.1) ...
Setting up xxd (2:8.2.3995-1ubuntu2.17) ...
Setting up libtss2-tcti-device0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up runc (1.1.12-0ubuntu2~22.04.1) ...
Setting up netplan.io (0.106.1-7ubuntu0.22.04.4) ...
Setting up python3-jinja2 (3.0.3-1ubuntu0.2) ...
Setting up libtss2-tcti-cmd0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up vim-common (2:8.2.3995-1ubuntu2.17) ...
Setting up python3-idna (3.3-1ubuntu0.1) ...
Setting up libtss2-tcti-mssim0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up git-man (1:2.34.1-1ubuntu1.11) ...
Setting up vim-runtime (2:8.2.3995-1ubuntu2.17) ...
Setting up containerd (1.7.12-0ubuntu2~22.04.1) ...
Setting up bind9-host (1:9.18.24-0ubuntu0.22.04.1) ...
Setting up openssl (3.0.2-0ubuntu1.16) ...
Setting up ethtool (1:5.16-1ubuntu0.1) ...
Setting up snapd (2.63+22.04) ...
Installing new version of config file /etc/apparmor.d/usr.lib.snapd.snap-confine.real ...
snapd.failure.service is a disabled or a static unit not running, not starting it.
snapd.snap-repair.service is a disabled or a static unit not running, not starting it.
Failed to restart snapd.mounts-pre.target: Operation refused, unit snapd.mounts-pre.target may be requested by dependency only (it is configured to refuse manual start/stop).
See system logs and 'systemctl status snapd.mounts-pre.target' for details.
Could not execute systemctl:  at /usr/bin/deb-systemd-invoke line 142.
Setting up openssh-sftp-server (1:8.9p1-3ubuntu0.10) ...
Setting up cloud-init (24.1.3-0ubuntu1~22.04.5) ...
Installing new version of config file /etc/cloud/cloud.cfg ...
Installing new version of config file /etc/cloud/cloud.cfg.d/05_logging.cfg ...
Installing new version of config file /etc/cloud/templates/chrony.conf.cos.tmpl ...
Installing new version of config file /etc/cloud/templates/chrony.conf.debian.tmpl ...
Installing new version of config file /etc/cloud/templates/chrony.conf.ubuntu.tmpl ...
Installing new version of config file /etc/cloud/templates/hosts.alpine.tmpl ...
Installing new version of config file /etc/cloud/templates/hosts.mariner.tmpl ...
Installing new version of config file /etc/cloud/templates/ntp.conf.ubuntu.tmpl ...
Installing new version of config file /etc/profile.d/Z99-cloud-locale-test.sh ...
Installing new version of config file /etc/profile.d/Z99-cloudinit-warnings.sh ...
Removing obsolete conffile /etc/cloud/clean.d/README ...
Setting up vim (2:8.2.3995-1ubuntu2.17) ...
Setting up openssh-server (1:8.9p1-3ubuntu0.10) ...
rescue-ssh.target is a disabled or a static unit not running, not starting it.
ssh.socket is a disabled or a static unit not running, not starting it.
Setting up libtss2-sys1:amd64 (3.2.0-1ubuntu1.1) ...
Setting up docker.io (24.0.7-0ubuntu2~22.04.1) ...
Setting up vim-tiny (2:8.2.3995-1ubuntu2.17) ...
Setting up libtss2-esys-3.0.2-0:amd64 (3.2.0-1ubuntu1.1) ...
Setting up git (1:2.34.1-1ubuntu1.11) ...
Setting up bind9-dnsutils (1:9.18.24-0ubuntu0.22.04.1) ...
Processing triggers for mailcap (3.70+nmu1ubuntu1) ...
Processing triggers for libc-bin (2.35-0ubuntu3.8) ...
Processing triggers for rsyslog (8.2112.0-2ubuntu2.2) ...
Processing triggers for ufw (0.36.1-4ubuntu0.1) ...
Processing triggers for man-db (2.10.2-1) ...
Processing triggers for dbus (1.12.20-2ubuntu4.1) ...
Processing triggers for install-info (6.8-4build1) ...
Processing triggers for initramfs-tools (0.140ubuntu13.4) ...
update-initramfs: Generating /boot/initrd.img-5.15.0-107-generic
Scanning processes...
Scanning candidates...
Scanning linux images...

Running kernel seems to be up-to-date.

Restarting services...
 /etc/needrestart/restart.d/systemd-manager
 systemctl restart apache2.service cron.service fwupd.service irqbalance.service multipathd.service open-vm-tools.service packagekit.service polkit.service systemd-journald.service systemd-networkd.service systemd-resolved.service systemd-timesyncd.service systemd-udevd.service udisks2.service upower.service vgauth.service
Service restarts being deferred:
 systemctl restart ModemManager.service
 /etc/needrestart/restart.d/dbus.service
 systemctl restart networkd-dispatcher.service
 systemctl restart systemd-logind.service
 systemctl restart unattended-upgrades.service
 systemctl restart user@1000.service

No containers need to be restarted.

No user sessions are running outdated binaries.

No VM guests are running outdated hypervisor (qemu) binaries on this host.

改めて導入済みのパッケージバージョンを確認すると、脆弱性を修正済みである「8.9p1-3ubuntu0.10 」になっていることが分かる。

root@server-ubuntu:~# dpkg -l |grep openssh
ii  openssh-client                         1:8.9p1-3ubuntu0.10                     amd64        secure shell (SSH) client, for secure access to remote machines
ii  openssh-server                         1:8.9p1-3ubuntu0.10                     amd64        secure shell (SSH) server, for secure access from remote machines
ii  openssh-sftp-server                    1:8.9p1-3ubuntu0.10                     amd64        secure shell (SSH) sftp server module, for SFTP access from remote machines

root@server-ubuntu:~# systemctl status sshd
● ssh.service - OpenBSD Secure Shell server
     Loaded: loaded (/lib/systemd/system/ssh.service; enabled; vendor preset: enabled)
     Active: active (running) since Wed 2024-07-03 16:52:51 JST; 11min ago
       Docs: man:sshd(8)
             man:sshd_config(5)
   Main PID: 27798 (sshd)
      Tasks: 1 (limit: 4515)
     Memory: 2.7M
        CPU: 70ms
     CGroup: /system.slice/ssh.service
             mq27798 "sshd: /usr/sbin/sshd -D [listener] 0 of 10-100 startups"

Jul 03 16:52:51 kikuchi-ubuntu01 systemd[1]: Starting OpenBSD Secure Shell server...
Jul 03 16:52:51 kikuchi-ubuntu01 sshd[27798]: Server listening on 0.0.0.0 port 22.
Jul 03 16:52:51 kikuchi-ubuntu01 sshd[27798]: Server listening on :: port 22.
Jul 03 16:52:51 kikuchi-ubuntu01 systemd[1]: Started OpenBSD Secure Shell server.

sshdも稼働しているので、今回の実機確認は完了とする。