Setup Automatic Updates and Security Patches on Ubuntu 16.04
Software developers constantly release updates to their packages to improve performance. Ubuntu regularly releases security patches for vulnerabilities found in its OS. Without up-to-date packages and patches on your system, you leave it potentially exposed to being compromised or exploited by an attacker. However, not everyone has enough time every day to log into their server(s) and update them manually.
Security updates are an intrinsic part of IT, and Linux is no exception: it also needs security updates from time to time. When an update is released, we have a maximum of 30 days to implement it.
Setup Automatic Updates and Security Patches
If the unattended-upgrades package is not already installed on your system, install it by typing:
sudo apt-get update
sudo apt-get install unattended-upgrades
Configure the update file /etc/apt/apt.conf.d/50unattended-upgrades
Now your job is to configure which repositories should be upgraded automatically.
Once the package is installed, open the unattended-upgrades configuration file with the command below. Regular software updates and security updates each have their own channels.
To apply only security updates automatically, comment out (//) the remaining channels so that they cannot install new updates without your permission. On a server, you should in no case upgrade packages from those channels automatically, so keep in mind to comment out the remaining channels.
sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
By default, only security upgrades are enabled. You can comment or uncomment the individual repositories.
If you want, you can read about the different types of repositories here.
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESM:${distro_codename}";
    "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
//  "${distro_id}:${distro_codename}-backports";
};
Steps to enable unattended-upgrades
For automatic updates, you must edit /etc/apt/apt.conf.d/10periodic.
sudo vim /etc/apt/apt.conf.d/10periodic
Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";
Run "apt-get update" automatically every n days (0=disable)
APT::Periodic::Update-Package-Lists "1";
Run "apt-get upgrade --download-only" every n days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";
Run "apt-get autoclean" every n days (0=disable)
APT::Periodic::AutocleanInterval "21";
This option requires the package "unattended-upgrades" and writes a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";
Send a report mail to the root user:
0: no report (or null string)
1: progress report (actually any string)
2: + command outputs (remove -qq, remove 2>/dev/null, add -d)
3: + trace on
APT::Periodic::Verbose "0";
I use the following configuration. It checks for downloads and updates them daily.
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
Blacklist Packages
If you do not want a specific package to be updated automatically, add it to the blacklist.
sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
Add the name of the package that you want blacklisted to Unattended-Upgrade::Package-Blacklist.
// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
//  "vim";
//  "libc6";
//  "libc6-dev";
//  "libc6-i686";
};
Disable unattended-upgrades
If you decide that you no longer need to run unattended-upgrades, you can disable it by editing /etc/apt/apt.conf.d/10periodic.
sudo nano /etc/apt/apt.conf.d/10periodic
Change the value of APT::Periodic::Unattended-Upgrade to 0
APT::Periodic::Unattended-Upgrade "0";
Debugging
All attempts are by default logged to /var/log/unattended-upgrades/unattended-upgrades.log
You can get extra debug output and see which updates would be installed by running:
sudo unattended-upgrade --debug --dry-run
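One way to check what the configuration in this tutorial actually permits, as an added example that is not part of the original article: the script lists the uncommented Allowed-Origins entries, flags those outside the security channels, and reads an APT::Periodic value. The function names, the security-only policy and the merged temporary sample file are assumptions made for the example; the sample content is the listing shown on this page.

```shell
#!/bin/sh
# Added example: report what an unattended-upgrades configuration allows.

# Print the uncommented entries of the Allowed-Origins block, one per line.
enabled_origins() {
    awk '
        /^[ \t]*\/\//                         { next }   # commented-out line
        /Unattended-Upgrade::Allowed-Origins/ { inblk = 1; next }
        inblk && /^[ \t]*[}]/                 { inblk = 0 }   # closing "};"
        inblk && match($0, /"[^"]+"/) { print substr($0, RSTART + 1, RLENGTH - 2) }
    ' "$1"
}

# Print enabled origins that are neither "-security" nor ESM. Assumed policy
# for this example: security-only, as the text recommends for servers.
non_security_origins() {
    enabled_origins "$1" | grep -v -e '-security$' -e 'ESM:' || true
}

# Print the value of APT::Periodic::<key>; the last uncommented setting wins.
periodic_value() {
    awk -v key="APT::Periodic::$2" '
        /^[ \t]*\/\// { next }
        $1 == key     { v = $2; gsub(/[";]/, "", v) }
        END           { print v }
    ' "$1"
}

# Constructed sample: the Allowed-Origins listing from this page plus one
# periodic setting, merged into a single temporary file for the demo.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    "${distro_id}ESM:${distro_codename}";
    "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
//  "${distro_id}:${distro_codename}-backports";
};
APT::Periodic::Unattended-Upgrade "1";
EOF

echo "Enabled origins:";        enabled_origins "$sample"
echo "Beyond security-only:";   non_security_origins "$sample"
echo "Unattended-Upgrade: $(periodic_value "$sample" Unattended-Upgrade)"
```

Run against the sample, it reports the base and -updates archives as enabled beyond security-only; on a real system, pass /etc/apt/apt.conf.d/50unattended-upgrades and /etc/apt/apt.conf.d/10periodic to the functions instead.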
Cheers! You've successfully set up automatic updates on your Ubuntu system.