User avatar
cc001
Lisker
Posts: 103
Joined: Sat Mar 12, 2016 12:48 pm

HowTo: Enable automatic security updates

Sat Dec 10, 2016 12:19 pm

This HowTo shows how to enable automatic security updates (or also other regular updates, if wanted) on a Linux system.
In general I prefer to do updates manually, to know exactly what happens on my system, but I think security updates should be installed regularly every day and automatically.
This guide bases on Ubuntu 14.04.5 and 16.04.1, other system may work similarly.

1. Update and install the needed packages:

Code: Select all

sudo apt-get update
sudo apt-get install unattended-upgrades


2. Modify the file /etc/apt/apt.conf.d/50unattended-upgrades to define which packages should be installed automatically.
I chose only security updates, but you can choose different categories of updates.
Use your prefered editor (vim, nano, etc...), I use vim:

Code: Select all

sudo vim /etc/apt/apt.conf.d/50unattended-upgrades


at the very top you can define what category you want to enable. it looks like this for me:
In Ubuntu 14.04.5:

Code: Select all

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};


Ubuntu 16.04.1:

Code: Select all

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};


3. Define how often the updates should be installed
Look for a file in /etc/apt/apt.conf.d/ called
"10periodic" or "20auto-upgrades"
If it doesn't exist, execute the following (answer the questions with Yes):

Code: Select all

sudo dpkg-reconfigure --priority=low unattended-upgrades

modify that file now:

Code: Select all

sudo vim /etc/apt/apt.conf.d/10periodic

or

Code: Select all

sudo vim /etc/apt/apt.conf.d/20auto-upgrades


and replace it's content with the following:

Code: Select all

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";


4. Thats all.
The system should check now every day if new security updates are available, and if yes, install them automatically. Automatic reboots are disabled.
Check /var/log/unattended-upgrades for log messages.
My Delegate Node
My Websites:
My Scripts:
My Tutorials:
  • Secure basic setup of a delegate server
  • how to set up 'lisk-rake' (outdated)


User avatar
Splatters
Lisker
Posts: 64
Joined: Wed Mar 16, 2016 4:59 pm
Location: italy
Contact: Twitter

Re: HowTo: Enable automatic security updates

Sat Dec 10, 2016 2:27 pm

Nice guide as usual!

User avatar
Poly#Crypto
Lisker
Posts: 430
Joined: Thu May 05, 2016 2:19 pm
Contact: Twitter

Re: HowTo: Enable automatic security updates

Sat Dec 10, 2016 5:16 pm

Good guide to an important aspect. Thanks for that
polycrypto ❖ Lisker since day one ❖ 7 secure nodes - Mainnet/Testnet

My Delegate Proposal | My Transparency Reports | My Twitter | Bitcointalk Profil

Return to “Guides”

Who is online

Users browsing this forum: No registered users and 1 guest