I cannot point out often enough how critical it is to keep your internet-based Servers updated. I use and manage some Servers, about 20 currently. But I hate to check them on a weekly base for Security Updates. I still remember days where Sysadmins brag with uptimes – not a smart thing to do.

If you use Debian / Ubuntu there is at least an official simple way to keep the most fears of missed security Updates. Partly as a note for myself I just add this quick “copy and paste” like Information here on how to setup the automatic upgrade on a Debian / ubuntu based server.

You can either just install security patches or do full upgrades of packages. The last one I cannot recommend but it is depending on what your server is doing. In the worst case an upgraded package could break things due to change of behavior or configuration requirements. I stay with the security updates only method.
 


apt update && apt install unattended-upgrades
After that you need to edit some Files, if they are not existing yet, create them:
 

/etc/apt/apt.conf.d/50unattended-upgrades


Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
// Extended Security Maintenance        
        "${distro_id}ESM:${distro_codename}";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Then we need to Enable the whole Process by Editing / Creating:
 

/etc/apt/apt.conf.d/20auto-upgrades


APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";


You can try if everything was successfull using this Command:

unattended-upgrades --debug
 

✉ MG// CEST

Follow Icon
Don’t miss out and subscribe by email:
Not to worry! No spam. Just a summarizing email for new posts, easy to unsubscribe at any time.