Automatic update of the Debian Linux test environment

A convenient way to maintain the test environment is automatic updating.
However, remember to set the backup, e.g. the day before – I always set it like that in proxmoxe.
The script that updates the Debian system looks like this:

You can download the script from:

The script cleans unnecessary deb files after the update.
Keep in mind the permissions and capabilities of the script:

In crontab, I set the day after automatic backup in proxmoxe:

Of course, the script can be added in the production environment, but it should not be added to the crontab.

E-mail notification about new updates Proxmox

This script send you e-mail notification about new updates:

You can download the script from:

You should set the correct e-mail address in the script, for now it is
Notification it’s looks something like that:

Should the script be executed:

Also added to the crontab, every day to extend a new update:

Remember don’t to upgrade your system on Friday! Good luck!

Upgrade Debian GNU/Linux 10 (buster) to 11 (bullseye)

Before we start upgrading the Debian system version, please make a snapshot or a possible backup of the system. Such a change entails significant changes that can damage the system. Of course, before you upgrade the system in production, it is best to upgrade to the testing environment first. The upgrade process affects the entire system. Services may not be available at this time. If the system is doing the hosting for your website then it may not be available!

Always bear in mind that the production environment is different from test environment, so I recommend that you do it carefully. A good practice is to keep a time interval between the upgrade of test and production environment, in my case it is a week. Remember not to make changes to production on Friday!

This is how we check the version of the system:

And now, we going to update OS, but before we do that – we will make copy of:

There is sorces setup for buster:

Before we upgrade the debian system version to 11, we need to do a full upgrade:

Then we use sed to replace “buster” on “bullseye”:

There here’s the effect:

To be sure, we will do a comparison of the backed up file:

And then we can do update:

So that it is not too easy, to start the task in the form of:

Specifically about this error:

To fix it, use any editor on the file (vi in ​​my case):

We remove line 4 – “deb buster/updates main contrib” as you can see, we go out and save :

Of course, any other editor like nano is also good for this case.
The contents of the /etc/apt/sources.list file now looks like this:

We can try to update the system again:

Now you need get some the system upgrade process has started. You can go for a coffee, or not 😉
There will be questions.
And more information, albout apt listchanges:

Just press ‘q’ and enter.

In this case we press enter.

Services to restart:

Enter agien.

This is question, about ssh deamon configuration:

In my case, I press enter because I don’t want to make changes to its configuration.

If all went well, we can reboot the system:

Now check the system:

Congratulations, we are on the new version of the system!
At this point, we can verify all services, for example whether the website is working properly. If it is OK, upgrade the production environment.

In my cases, I have problem PHP new version.
PHP have no persmision on nginx to user – when I try enter to page:

So we need to fix that in this way:

There is something wrong with the permissions:

Let’s make some backup:

I will replace www-data to nginx:

Now it’s looks better:

And restart services:

Also checking status:

Another problem is that, mariadb was removed, so I install it agien:

and that resolved all my problems.

To be 100% sure, I reloaded the entire machine.

nmap scaning ciphers and ssl

In debian 11:

Nmap is one of more powerfull tools to scaning network.
We start the installation on debian as root:

and than we can check for example

It’s much slower than sslscan, but result is the same (tls 1.1, 1.2 and tls 1.3).

TLS 1.0:

TLS 1.1:

TLS 1.2:

The most important thing is don’t using vulnerable ciphers, and reading output of nmap, for example in this case:
“64-bit block cipher 3DES vulnerable to SWEET32 attack” – on SWEET32 vulnerability.
When we testing external website available from internet you can use but if we have internal server nmap in this case is very good solution to use.

sslscan tool for scaning SSL

In debian 11:

One of the best tool for scaning ssl is sslscan in Linux.
You can install on debian like this as root of course:

and than we can check for example

As you see, google use now tls 1.0, 1.1, 1.2 and 1.3:

Expired domain nginx

Script to help check if the domain is expiring (don’t forget change e-mail in script – now is

This way you can download the script and give it permission to run:

And now we can add it to crontab, on monday for example: