So a while back I wrote about – Running Unattended/Automatic Security Updates on Ubuntu 10.04 LTS Lucid, which was great and all.
But now Ubuntu 12.04 LTS is out, so I’m running all new installs on that (woohoo new 9.x versions of PostgreSQL, php-fpm in PHP core, etc.) and the previous update method I was using seems like it’s not totally reliable on all configs – and it’s a bit long-winded = more opportunities to screw it up.
Anyway, I figured out a new way using an Ubuntu package instead of using a script and cron (which seems more sane to me).
This method seems to work 100% of the time, and when you log in via SSH to a 12.04 machine it gives you a nice update, which lets me know it’s working as expected, e.g.:
It should always say xx package(s) can be updated, but it should ALWAYS say “0 updates are security updates.” – if it’s working as expected (which so far it has been).
Anyway onto the install, it’s pretty simple – the first step is to install the required package:
sudo aptitude install unattended-upgrades
After the package is installed, all we need to do is configure it so:
sudo nano /etc/apt/apt.conf.d/10periodic
Delete everything inside and replace it with this:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
That’s it, you’re done!
By default it only upgrades security packages, but you can adjust it to upgrade everything available if you want, and even block certain packages from being upgraded. You can do so here:
/etc/apt/apt.conf.d/50unattended-upgrades
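If you want to check that the 10periodic settings above are really in effect, here is an added example (not part of the original post) that audits a whole apt.conf.d directory, because apt reads the fragments in order and a later file can silently switch a setting back off. The function names, the `99local-override` file and the sample data are constructed for illustration, and the parser assumes the one-line `Key "value";` form used above.

```shell
#!/bin/sh
# Added example: audit the effective APT::Periodic settings in an apt.conf.d dir.
# Assumption: every setting uses the one-line form  Key "value";

REQUIRED="Update-Package-Lists Download-Upgradeable-Packages Unattended-Upgrade"

# periodic_value DIR KEY -> print the effective value (last file wins) or nothing
periodic_value() {
    dir=$1 key=$2
    # Fragments are read in name order, so a later file overrides an earlier one.
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        sed -n "s/^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*/\1/p" "$f"
    done | tail -n 1
}

# audit_periodic DIR -> return 0 only if every required setting is enabled
audit_periodic() {
    dir=$1 rc=0
    for key in $REQUIRED; do
        val=$(periodic_value "$dir" "$key")
        case "$val" in
            ""|0) echo "FAIL $key is ${val:-unset}"; rc=1 ;;   # unset or "0" = disabled
            *)    echo "ok   $key = $val" ;;
        esac
    done
    return $rc
}

# demo: constructed sample where a later fragment disables unattended upgrades
demo() {
    d=$(mktemp -d)
    printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
        'APT::Periodic::Download-Upgradeable-Packages "1";' \
        'APT::Periodic::AutocleanInterval "7";' \
        'APT::Periodic::Unattended-Upgrade "1";' > "$d/10periodic"
    echo 'APT::Periodic::Unattended-Upgrade "0";' > "$d/99local-override"
    audit_periodic "$d"; rc=$?
    rm -rf "$d"
    return $rc
}

# Usage: sh check-periodic.sh /etc/apt/apt.conf.d
if [ $# -gt 0 ]; then audit_periodic "$1"; fi
```

On a real machine, `apt-config dump` shows the same merged values as apt itself sees them.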
Have fun, and be secure 😀