Easily Turn On Automatic Security Updates For Ubuntu Servers


Hello everyone, how are you all doing today? I hope you are all having a wonderful weekend. I just had a friend of mine who stays in California tell me about a wild party he went to last night and I am jealous as hell, I haven’t been to a great party in months! So this Holiday season I plan to have some fun, it’s time to party like I am 16 again! Lol anyway, read on…

Are Automatic Server Upgrades a Good Choice?

It’s actually a tougher choice than most people think. Enabling automatic updates saves you a lot of time and can make your day that much better when you know that your servers are safe, but at the same time, automatic updates are not perfect. Sometimes an automatic upgrade ships a bug that takes your websites down, or the automatic upgrade you get is not compatible with your other software; an example would be mismatched MySQL and PHP versions. These are just some ideas off the top of my head, so keep that in mind, lol. Anyway, the point is that sometimes it’s also good to upgrade your Ubuntu servers manually so that you know exactly what’s going on step by step.

Installing the Unattended Upgrades Package On Ubuntu

The easiest way to get started with automatic updates is with the unattended-upgrades package. It can be installed with apt-get install unattended-upgrades.

After installation, you’ll need to run dpkg-reconfigure unattended-upgrades and select ‘yes’, or manually place a configuration file at /etc/apt/apt.conf.d/20auto-upgrades with the contents:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

This allows the system to run the unattended-upgrades utility regularly. The actual timing is normally determined by cron, which has a daily cron file for doing apt maintenance located at /etc/cron.daily/apt.


Configuring the Unattended Upgrades Package On Ubuntu

After installation, you get to configure what operations the unattended-upgrade utility will actually perform. By default, it will simply install updates tagged as ‘security’, but will not automatically reboot the system if any updates require a reboot.

The typical configuration file, located at /etc/apt/apt.conf.d/50unattended-upgrades, is well documented and can be edited to suit your needs.

Here are some configuration highlights:

Allowed-Origins / Origins-Pattern On Ubuntu

Depending on whether your distro is Debian or Ubuntu, the method of filtering origins may differ. On Debian, the section is Unattended-Upgrade::Origins-Pattern, and on Ubuntu, the section is Unattended-Upgrade::Allowed-Origins. This section allows you to determine which origins unattended-upgrades will consult when installing updates. By default, only security updates are allowed. If you’d like to add other updates, uncomment or add the appropriate origins.

Package-Blacklist On Ubuntu

To prevent a package from being updated automatically, add it to the blacklist. Navigate to the Package-Blacklist section and add your packages:

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

This filters specific packages from being considered when installing updates. For example, you may wish to avoid automatically installing any updates for MySQL server to prevent it from being automatically restarted. Add appropriate package names as desired.

Enable / Disable Automatic Updates On Ubuntu

To enable (or disable) the automatic updates you’ll finally need to edit the /etc/apt/apt.conf.d/10periodic file and make it look like the example here:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

Finally, to disable automatic updates change the “1”s in the file above to “0”.
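
Both 20auto-upgrades and 10periodic set the same APT::Periodic keys, and APT reads the files in /etc/apt/apt.conf.d in name order with later files overriding earlier ones, so the value that takes effect is the last one assigned. The script below is an added example, not part of the original article: it computes that effective value over a constructed sample directory (the function names and sample files are assumptions made for the illustration).

```sh
#!/bin/sh
# Added example. Simplifications: only flat `APT::Periodic::Key "value";`
# statements are understood, and every regular file in the directory is read.

# Print the value of APT::Periodic::<key> that wins in directory <dir>.
effective_periodic() {
    dir=$1 key=$2
    # Concatenate fragments in C-locale name order, drop // comment lines,
    # split to one statement per line, and keep the last assignment seen.
    value=$( (cd "$dir" && LC_ALL=C ls | while IFS= read -r f; do
                 if [ -f "$f" ]; then cat "$f"; echo; fi
             done) |
        sed -e '/^[[:space:]]*\/\//d' | tr ';' '\n' |
        sed -n "s/^[[:space:]]*APT::Periodic::${key}[[:space:]]*\"\\([^\"]*\\)\".*/\\1/p" |
        tail -n 1)
    printf '%s\n' "${value:-0}"   # a key that is never set is reported as 0
}

# Succeeds only if list refresh and the unattended upgrade run are both on.
auto_updates_enabled() {
    [ "$(effective_periodic "$1" Update-Package-Lists)" != 0 ] &&
    [ "$(effective_periodic "$1" Unattended-Upgrade)" != 0 ]
}

# Constructed sample: 10periodic switches the upgrade run off, 20auto-upgrades
# (read later) switches it back on, so the effective value is "1".
make_sample() {
    d=$(mktemp -d)
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
        'APT::Periodic::Download-Upgradeable-Packages "1";' \
        'APT::Periodic::AutocleanInterval "7";' \
        'APT::Periodic::Unattended-Upgrade "0";' > "$d/10periodic"
    printf '%s\n' '// constructed sample fragment' \
        'APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";' \
        > "$d/20auto-upgrades"
    printf '%s\n' "$d"
}

sample=$(make_sample)
echo "Unattended-Upgrade = $(effective_periodic "$sample" Unattended-Upgrade)"
auto_updates_enabled "$sample" && echo "automatic updates: on"
rm -rf "$sample"
```

On a live server, apt-config dump prints the merged configuration as APT itself computes it, which is the authoritative check.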


Some Things To Know

Mail

This specifies the e-mail address that unattended-upgrades will send a message to when updates are being installed, or if problems are encountered. A valid mail command will need to be operational on the system for this to work (a simple apt-get install bsd-mailx will provide this).

MailOnlyOnError

By default, unattended-upgrades will send an e-mail when any updates are installed. If you only want to receive a message if there is a problem, you can set this to true.

Automatic-Reboot

By default, unattended-upgrades will not automatically reboot the system if a reboot is required to complete the update (kernel updates, for instance). This could be potentially disruptive, but could be enabled if desired.

Only Notifications

If automatic security updates aren’t a good candidate for your system, you’ll still probably want to be notified when updates are available. apticron is a good package for this. After installing with apt-get install apticron, configure the mailing address in /etc/apticron/apticron.conf. Whenever updates are available for packages on your system, you will receive an e-mail with details.
