Introduction
A central part of keeping Linux servers secure is installing security updates on time. Keeping the system up to date is one of the critical tasks for Linux admins, and it also keeps the system more stable.
If an administrator forgets this task or takes it for granted, unpatched servers can lead to severe security threats.
Install unattended-upgrades Package on Debian
sudo apt update
sudo apt install unattended-upgrades -y
Configure Automatic Updates on Debian
The configuration file for unattended-upgrades is 50unattended-upgrades, located in the /etc/apt/apt.conf.d/ directory. You can edit it using any text editor.
By default, only the minimal options required for security updates are enabled. Open the file and uncomment the following lines by removing the // from the start of each line:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
"origin=Debian,codename=${distro_codename}-updates";
"origin=Debian,codename=${distro_codename}-proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
Once done, save and exit the file.
Enable Email Notification
If you would like to receive email notifications from your Debian system after every automatic security update, modify the following line (uncomment it and add your email address).
//Unattended-Upgrade::Mail "";
Of course, replace the email address with the one where you want to receive the notifications.
Auto Remove Unused Dependencies
Without automation, you may need to run the sudo apt autoremove command after every update to remove unused dependencies from the system. You can automate this task by changing the following line (uncomment it and change false to true).
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Enable Automatic Updates on Debian
To enable unattended-upgrades, you need to configure the /etc/apt/apt.conf.d/20auto-upgrades file. Run the following command to do so:
sudo dpkg-reconfigure --priority=low unattended-upgrades
To view whether the unattended-upgrades service is enabled and running, you can issue the command shown below:
sudo systemctl status unattended-upgrades.service
If the service is not enabled and started, you can enable and start it by typing:
sudo systemctl enable unattended-upgrades
sudo systemctl start unattended-upgrades
When the system performs an unattended upgrade, it logs the activity in files under the /var/log/unattended-upgrades/ directory.
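A setting that is still prefixed with // has no effect, so it is worth confirming which options in the two files edited above are actually active. The following is an added example, not part of the original tutorial: the function names are hypothetical, and it assumes that 20auto-upgrades carries the two APT::Periodic keys that dpkg-reconfigure writes.

```shell
#!/bin/sh
# Added example: report which unattended-upgrades settings are really active.
# In apt.conf.d files a line that still starts with // is a comment.

# Print the value of the last active (uncommented) 'KEY "value";' line in FILE.
apt_opt_value() {
    _file=$1 _key=$2
    [ -r "$_file" ] || return 1
    sed -n "s|^[[:space:]]*${_key}[[:space:]]*\"\\([^\"]*\\)\";.*|\\1|p" "$_file" |
        tail -n 1
}

# Audit DIR (default /etc/apt/apt.conf.d). Prints one line per finding and
# returns 1 if automatic upgrades are off or no origin pattern is active.
audit_unattended() {
    dir=${1:-/etc/apt/apt.conf.d}
    auto="$dir/20auto-upgrades"
    conf="$dir/50unattended-upgrades"
    rc=0
    # Assumption: these are the two keys dpkg-reconfigure writes to 20auto-upgrades.
    for key in APT::Periodic::Update-Package-Lists APT::Periodic::Unattended-Upgrade; do
        val=$(apt_opt_value "$auto" "$key") || val=
        case $val in
            ''|0) echo "FAIL $key is not enabled in $auto"; rc=1 ;;
            *)    echo "ok   $key = $val" ;;
        esac
    done
    # Count origin patterns that are not commented out.
    n=$(grep -c '^[[:space:]]*"origin=[^"]*";' "$conf" 2>/dev/null) || n=0
    if [ "$n" -gt 0 ]; then
        echo "ok   $n active origin pattern(s) in $conf"
    else
        echo "FAIL no active origin pattern in $conf"; rc=1
    fi
    # Optional settings from the sections above: report only.
    for key in Unattended-Upgrade::Mail Unattended-Upgrade::Remove-Unused-Dependencies; do
        val=$(apt_opt_value "$conf" "$key") || val=
        echo "info $key = ${val:-<unset or commented out>}"
    done
    return "$rc"
}
```

Source the file and call audit_unattended with no argument to check the live configuration; a non-zero return means automatic upgrades would not run as configured.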
Disable Automatic Updates on Debian
To disable the unattended upgrades, issue the command shown below:
sudo dpkg-reconfigure --priority=low unattended-upgrades
Conclusion
By enabling automatic updates on Debian servers, you’ve taken an important step to protect your server from vulnerabilities. Manually updating the system and applying patches can be a very time-consuming process, so unattended-upgrades saves a lot of time.
The unattended-upgrades utility keeps your system current and secure by automatically installing the latest updates and security patches whenever they are available.