It has been said before -and I couldn’t agree more- that some of the best system administrators are those who seem (note the use of the word seem here) to be lazy all the time.
While that may sound somewhat paradoxical, I bet it must be true in most cases – not because they are not doing the job they are supposed to be doing, but rather because they have automated most of it.
One of the critical needs of a Linux system is to be kept up to date with the latest security patches available for the corresponding distribution.
In this article we will explain how to set up your Debian and Ubuntu system to auto install (or update) essential security packages or patches automatically when needed.
Other Linux distributions such as CentOS/RHEL configured to install security updates automatically.
Needless to say, you will need superuser privileges in order to perform the tasks outlined in this article.
Configure Automatic Security Updates On Debian/Ubuntu
To begin, install the following packages:
# aptitude update -y && aptitude install unattended-upgrades apt-listchanges -y
where apt-listchanges will report what has been changed during an upgrade.
Next, open /etc/apt/apt.conf.d/50unattended-upgrades with your preferred text editor and add this line inside the Unattended-Upgrade::Origins-Pattern block:
Finally, use the following command to create and populated the required configuration file (/etc/apt/apt.conf.d/20auto-upgrades) to activate the unattended updates:
# dpkg-reconfigure -plow unattended-upgrades
Yes when prompted to install unattended upgrades:
then check that the following two lines have been added to /etc/apt/apt.conf.d/20auto-upgrades:
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
And add this line to make reports verbose:
Last, inspect /etc/apt/listchanges.conf to make sure notifications will be sent to root.
In this post we have explained how to make sure your system is updated regularly with the latest security patches. Additionally, you learned how to set up notifications in order to keep yourself informed when patches are applied.
Do you have any questions about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.