If you use/administer a Debian/Ubuntu system, you can automate the security update process by using the program unattended-upgrades. This tool provides a simple way to manage this task.
To install it :
apt-get install unattended-upgrades
After selecting “Yes”, a configuration file will be created ( /etc/apt/apt.conf.d/20auto-upgrades ) with this content :
The first line of this file do an “apt-get update” command. The “1” at the end of the line is to indicate it is enabled (0 to disable it).
The second line run the “unattended-upgrade” security upgrade script.
The schedule is managed by :
- the location of the apt script file. The default is /etc/cron.daily/apt
- the datetime configured in the file /etc/crontab. For the daily setting, the line is :
25 6 * * * root test -x /usr/sbin/anacron || ( cd / && run-parts --report /etc/cron.daily )
You can update the configuration file /etc/apt/apt.conf.d/50unattended-upgrades to :
- allow other update types (updates, proposed, backports)
- exclude some packages (regex are supported)
- configure an automatic reboot
- schedule a reboot
- receive an email
- limit the download bandwidth
More options can be configured. It is well-documented.