Keeping automatic Linux updates turned on will ensure the highest security and quality of OS performance. In this tutorial, you will learn how to enable them.
Table of Contents
Installing required packages to turn on automatic Linux updates
Let’s start by installing everything we need.
sudo apt-get update
sudo apt-get install unattended-upgrades apt-listchanges apticron
After the packages are installed correctly, let’s proceed to creating the configuration file with the rules on how and when automatic updates should take place.
sudo nano /etc/apt/apt.conf.d/51myunattended-upgradesWhen the text editor will open place there the following content:
// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";
// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";
// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";
// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "7";
// Send report mail to root
// 0: no report (or null string)
// 1: progress report (actually any string)
// 2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
// 3: + trace on APT::Periodic::Verbose "2";
APT::Periodic::Unattended-Upgrade "1";
// Automatically upgrade packages from these
Unattended-Upgrade::Origins-Pattern {
"o=Debian,a=stable";
"o=Debian,a=stable-updates";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
};
// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {
};
// Run dpkg --force-confold --configure -a if a unclean dpkg state is detected to true to ensure that updates get installed even when the system got interrupted during a previous run
Unattended-Upgrade::AutoFixInterruptedDpkg "true";
//Perform the upgrade when the machine is running because we wont be shutting our server down often
Unattended-Upgrade::InstallOnShutdown "false";
// Send an email to this address with information about the packages upgraded.
Unattended-Upgrade::Mail "root";
// Always send an e-mail
Unattended-Upgrade::MailOnlyOnError "false";
// Remove all unused dependencies after the upgrade has finished
Unattended-Upgrade::Remove-Unused-Dependencies "true";
// Remove any new unused dependencies after the upgrade has finished
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
// Automatically reboot WITHOUT CONFIRMATION if the file /var/run/reboot-required is found after the upgrade.
Unattended-Upgrade::Automatic-Reboot "true";
// Automatically reboot even if users are logged in.
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";Save the file and run dry-run command to check if everything works correct.
sudo unattended-upgrade -d --dry-run
You should see the following message.
You can configure interactively things like the administrator’s email address where messages with update status will be sent. To do this, issue the following command:
sudo dpkg-reconfigure apt-listchanges
And that’s all!
What to do next?
If you are interested in any other tips on Linux and derivatives, be sure to check out my post on how to set the Custom MOTD in Linux Debian here.
The following tutorial was based on this source. Thank you! 🙂
