
automated updates (unattended-upgrades)

Category: Debian

It is absolutely recommended to perform security updates immediately. Here I want to demonstrate how this can be automated using "unattended-upgrades".

Please keep in mind that updates applied to production environments should always be tested beforehand.

Updates can certainly be automated using shell scripts and cron jobs, but "unattended-upgrades" offers a lot of configuration options.

sudo apt-get install unattended-upgrades

The configuration is then done in the file /etc/apt/apt.conf.d/50unattended-upgrades. In the "Origins-Pattern" section you can define which packages should be updated automatically.

//security updates only

//update all packages

The following command gives an overview of how the configured sources are labelled:

apt-cache policy

In the "Package-Blacklist" section, specific packages can be excluded from automated updates.

Unattended-Upgrade::Package-Blacklist {
    // one quoted package name per line, each terminated with ";"
};

With the following options the mailer can be configured:

Unattended-Upgrade::Mail "root";
Unattended-Upgrade::MailOnlyOnError "false";

Further options:

// automated reboot if necessary
//Unattended-Upgrade::Automatic-Reboot "false";
//Unattended-Upgrade::Automatic-Reboot-Time "02:00";

// limit download bandwidth (in kB/s)
//Acquire::http::Dl-Limit "70";

Finally you can enable/disable unattended upgrades easily using the following commands:

# activate
sudo cp /usr/share/unattended-upgrades/20auto-upgrades /etc/apt/apt.conf.d/20auto-upgrades

# deactivate
sudo cp /usr/share/unattended-upgrades/20auto-upgrades-disabled /etc/apt/apt.conf.d/20auto-upgrades
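
Once the files are in place, the effective settings can be checked. The following script is an added example, not part of the original post: it audits settings in the format printed by `apt-config dump`. The function names, the sample input and the package name in it are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit unattended-upgrades settings given in the format of
# `apt-config dump`: scalars as  Key "value";  list entries as  Key:: "value";

# Print the value(s) of option $1 found on stdin (for a list pass "Name::").
uu_get() {
    awk -v k="$1" '$1 == k { v = $0; sub(/^[^"]*"/, "", v)
                             sub(/";[ \t]*$/, "", v); print v }'
}

# Constructed sample input, not taken from a real host.
sample_dump() {
    cat <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Origins-Pattern "";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename},label=Debian-Security";
Unattended-Upgrade::Package-Blacklist "";
Unattended-Upgrade::Package-Blacklist:: "example-package";
Unattended-Upgrade::Mail "root";
Unattended-Upgrade::Automatic-Reboot "false";
EOF
}

# Report findings for a dump on stdin; returns 1 if upgrades are disabled.
uu_audit() {
    dump=$(cat); rc=0
    get() { printf '%s\n' "$dump" | uu_get "$1"; }
    case "$(get APT::Periodic::Unattended-Upgrade)" in
        ''|0) echo "FAIL unattended upgrades are disabled"; rc=1 ;;
        *)    echo "OK   unattended upgrades are enabled" ;;
    esac
    origins=$(get Unattended-Upgrade::Origins-Pattern::)
    if [ -z "$origins" ]; then
        echo "WARN no Origins-Pattern entries, nothing would be selected"
    else
        printf '%s\n' "$origins" | sed 's/^/INFO origin pattern: /'
    fi
    get Unattended-Upgrade::Package-Blacklist:: | sed 's/^/INFO held back: /'
    [ -n "$(get Unattended-Upgrade::Mail)" ] || echo "WARN no mail recipient set"
    [ "$(get Unattended-Upgrade::Automatic-Reboot)" = "true" ] &&
        echo "INFO automatic reboot is enabled"
    return "$rc"
}

sample_dump | uu_audit
```

On a real host, run `apt-config dump | uu_audit` instead of the sample. `sudo unattended-upgrade --dry-run --debug` then shows which packages the configured patterns actually select without installing anything.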