Automatic security update process with unattended-upgrades
Automatic security update process with unattended-upgrades

If you use/administer a Debian/Ubuntu system, you can automate the security update process by using the program unattended-upgrades. This tool provides a simple way to manage this task.
To install it :

apt-get install unattended-upgrades
dpkg-reconfigure unattended-upgrades

After selecting “Yes”, a configuration file will be created ( /etc/apt/apt.conf.d/20auto-upgrades ) with this content :

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

The first line of this file do an “apt-get update” command. The “1” at the end of the line is to indicate it is enabled (0 to disable it).
The second line run the “unattended-upgrade” security upgrade script.

The schedule is managed by :

  • the location of the

    script file. The default is /etc/cron.daily/apt

  • the datetime configured in the file /etc/crontab. For the daily setting, the line is :
    25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts –report /etc/cron.daily )

You can update the configuration file /etc/apt/apt.conf.d/50unattended-upgrades to :

  • allow other update types (updates, proposed, backports)
    Unattended-Upgrade::Allowed-Origins {
  • exclude some packages (regex are supported)
    Unattended-Upgrade::Package-Blacklist {
  • configure an automatic reboot
    Unattended-Upgrade::Automatic-Reboot "false";
  • schedule a reboot
    Unattended-Upgrade::Automatic-Reboot-Time "02:00";
  • receive an email
    Unattended-Upgrade::Mail "youremail@local.domain";
  • limit the download bandwidth
    Acquire::http::Dl-Limit "70";

More options can be configured. It is well-documented.


Debian and Ubuntu Automatic Security Updates



My Powershell script categories

Automatic security update process with unattended-upgrades

Leave a Reply

Your email address will not be published.