Unattended security updates in Debian / Ubuntu

October 31, 2011 Ronny Roethof Uncategorized 0

In order to have automatic and unattended security updates in Debian or Ubuntu, one needs to install the according package:sudo aptitude install unattended-upgrades

The file /etc/apt/apt.conf.d/10periodic needs to be created with the following content

APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "1800";

Also, change the first few lines of /etc/apt/apt.conf.d/50unattended-upgrades as follows so that only security updates are considered

Unattended-Upgrade::Allowed-Origins {
        "Ubuntu lucid-security";
        "Ubuntu lucid-updates";
};

Unattended-Upgrade::Package-Blacklist {
};

Unattended-Upgrade::Mail "root@localhost";

Unattended-Upgrade::Remove-Unused-Dependencies "false";
Unattended-Upgrade::Automatic-Reboot "false";

It is vital to redo these setting after a global upgrade to a new distro release.

If configured correctly the following command should produce this output

apt-config shell UnattendedUpgradeInterval APT::Periodic::Unattended-Upgrade
UnattendedUpgradeInterval='1'

Be the first to comment

Leave a Reply

Your email address will not be published.


*


This site uses Akismet to reduce spam. Learn how your comment data is processed.