I cannot point out often enough how critical it is to keep your internet-based Servers updated. I use and manage some Servers, about 20 currently. But I hate to check them on a weekly base for Security Updates. I still remember days where Sysadmins brag with uptimes – not a smart thing to do.

If you use Debian / Ubuntu there is at least an official simple way to keep the most fears of missed security Updates. Partly as a note for myself I just add this quick “copy and paste” like Information here on how to setup the automatic upgrade on a Debian / ubuntu based server.

You can either just install security patches or do full upgrades of packages. The last one I cannot recommend but it is depending on what your server is doing. In the worst case an upgraded package could break things due to change of behavior or configuration requirements. I stay with the security updates only method.

apt update && apt install unattended-upgrades
After that you need to edit some Files, if they are not existing yet, create them:


Unattended-Upgrade::Allowed-Origins {
// Extended Security Maintenance        
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Then we need to Enable the whole Process by Editing / Creating:


APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

You can try if everything was successfull using this Command:

unattended-upgrades --debug


Follow Icon
Don’t miss out and subscribe by email:
Don't worry! NO Spam and FREE; Receive a summarizing email for new posts, easy to unsubscribe at any time.
← Other Blog Posts