Hey, just a heads-up that this content is based on an automatically imported version from our old CMS. If the formatting isn’t perfect, I’m sorry about that.
I cannot point out often enough how critical it is to keep your internet-based Servers updated. I use and manage some Servers, about 20 currently. But I hate to check them on a weekly base for Security Updates. I still remember days where Sysadmins brag with uptimes – not a smart thing to do.
If you use Debian / Ubuntu there is at least an official simple way to keep the most fears of missed security Updates. Partly as a note for myself I just add this quick “copy and paste” like Information here on how to setup the automatic upgrade on a Debian / ubuntu based server.
You can either just install security patches or do full upgrades of packages. The last one I cannot recommend but it is depending on what your server is doing. In the worst case an upgraded package could break things due to change of behavior or configuration requirements. I stay with the security updates only method.
Setup Automatic Updates
Install unattended-upgrades
apt update && apt install unattended-upgrades
After that you need to edit some Files, if they are not existing yet, create them:
Configure unattended-upgrades
/etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// Extended Security Maintenance
"${distro_id}ESM:${distro_codename}";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Then we need to Enable the whole Process by Editing / Creating:
Enable Automatic Upgrades
/etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
You can try if everything was successfull using this Command:
unattended-upgrades --debug