Automatic security update process with unattended-upgrades

Automatic security update process with unattended-upgrades

If you use/administer a Debian/Ubuntu system, you can automate the security update process by using the program unattended-upgrades. This tool provides a simple way to manage this task.
To install it :

After selecting “Yes”, a configuration file will be created ( /etc/apt/apt.conf.d/20auto-upgrades ) with this content :

The first line of this file do an “apt-get update” command. The “1” at the end of the line is to indicate it is enabled (0 to disable it).
The second line run the “unattended-upgrade” security upgrade script.

The schedule is managed by :

  • the location of the apt script file. The default is /etc/cron.daily/apt
  • the datetime configured in the file /etc/crontab. For the daily setting, the line is :
    25 6    * * *   root    test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )

You can update the configuration file /etc/apt/apt.conf.d/50unattended-upgrades to :

  • allow other update types (updates, proposed, backports)

  • exclude some packages (regex are supported)

  • configure an automatic reboot

  • schedule a reboot

  • receive an email

  • limit the download bandwidth

More options can be configured. It is well-documented.


References

Debian and Ubuntu Automatic Security Updates

AutomaticSecurityUpdates

<>

My Powershell script categories

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Social Media Auto Publish Powered By : XYZScripts.com
%d bloggers like this: