How to Setup Unattended Upgrades on Debian 9 (Stretch)

Last Updated: Mon, Oct 23, 2017

Introduction

If you purchase a Debian server, then you should always have the latest security patches and updates, whether you're asleep or not. This is pretty easy to do. Here's how.

1. Install the unattended-upgrades Package

Run this command to install the "unattended-upgrades" package, along with a package to identify the changes:

apt -y install unattended-upgrades apt-listchanges

2. Configuration

Once the packages are installed, edit the unattended-upgrades configuration:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Empty the file, paste in the following, then replace the items marked with ** **. Remember to remove the asterisks.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";

// Automatically upgrade packages from these
Unattended-Upgrade::Origins-Pattern {
      "o=Debian,a=stable";
      "o=Debian,a=stable-updates";
      "o=Debian,a=proposed-updates";
      "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";
};

Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Automatic-Reboot "false";

NOTE: To remove the original lines from the file in nano, hold Ctrl + K.

NOTE: You can set Automatic-Reboot to true if you want your server to reboot when it's necessary.

Install "apticron" to manage automatic execution of APT updates:

apt -y install apticron

Open /etc/apticron/apticron.conf and set the EMAIL variable to your email address, so you can receive the list of changes.

EMAIL="**me@example.com**"
DIFF_ONLY="1"
LISTCHANGES_PROFILE="apticron"
SYSTEM="**HOSTNAME.OF.SERVER**"
NOTIFY_HOLDS="0"
NOTIFY_NO_UPDATES="0"

Open /etc/apt/listchanges.conf to configure APT to save the changes to a database:

[apt]
frontend=pager
email_address=**me@example**
confirm=0
save_seen=/var/lib/apt/listchanges.db
which=news

3. Test

You can run unattended-upgrade manually in debug mode to see if it works correctly:

unattended-upgrade -d
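
A quick lint for the file pasted in step 2, as an added example that is not part of the original article: it flags a ** placeholder left in an active line, an APT::Periodic setting that is missing or "0", and an Origins-Pattern block with no uncommented Debian-Security entry. The function names and the sample file are constructed for illustration.

```shell
# Active lines only: drop blank lines and // or # comment lines.
active_lines() { grep -Ev '^[[:space:]]*(//|#|$)' "$1"; }

# Number of active lines that still contain a ** placeholder marker.
placeholder_count() { active_lines "$1" | grep -c -F '**' || true; }

# True when APT::Periodic::<key> is a non-zero number of days.
periodic_enabled() {
    active_lines "$1" |
        grep -Eq "APT::Periodic::$2[[:space:]]+\"[1-9][0-9]*\";"
}

# True when the Origins-Pattern block has an uncommented security entry.
security_origin_enabled() {
    active_lines "$1" | awk '
        /Unattended-Upgrade::Origins-Pattern/ { inblk = 1; next }
        inblk && /^[ \t]*};/ { inblk = 0 }
        inblk && /label=Debian-Security/ { found = 1 }
        END { exit !found }'
}

# Print each finding for FILE; the return value is the number of findings.
check_uu_conf() {
    n=0
    [ "$(placeholder_count "$1")" -eq 0 ] ||
        { echo "$1: ** placeholder left in an active line"; n=$((n + 1)); }
    for key in Update-Package-Lists Unattended-Upgrade; do
        periodic_enabled "$1" "$key" ||
            { echo "$1: APT::Periodic::$key is not enabled"; n=$((n + 1)); }
    done
    security_origin_enabled "$1" ||
        { echo "$1: no active Debian-Security origin"; n=$((n + 1)); }
    return "$n"
}

# Constructed sample: placeholder kept, upgrades off, security origin commented.
sample=$(mktemp)
cat > "$sample" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";
Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";
Unattended-Upgrade::Origins-Pattern {
//      "origin=Debian,codename=${distro_codename},label=Debian-Security";
      "o=Debian,a=stable";
};
EOF
check_uu_conf "$sample" || echo "findings: $?"
```

To check the real file, call check_uu_conf /etc/apt/apt.conf.d/50unattended-upgrades; placeholder_count also works on /etc/apticron/apticron.conf and /etc/apt/listchanges.conf.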
