Ubuntu Automatic Updates
https://help.ubuntu.com/10.04/serverguide/automatic-updates.html
https://help.ubuntu.com/community/AutomaticSecurityUpdates
unattended-upgrades
The unattended-upgrades package can be used to automatically install updated packages, and can be configured to update all packages or just install security updates. First, install the package by entering the following in a terminal:
sudo apt-get install unattended-upgrades
To configure unattended-upgrades, edit /etc/apt/apt.conf.d/50unattended-upgrades and adjust the following to fit your needs:
Unattended-Upgrade::Allowed-Origins {
"Ubuntu lucid-security";
// "Ubuntu lucid-updates";
};
Certain packages can also be blacklisted and therefore will not be automatically updated. To blacklist a package, add it to the list:
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
-
[Note]
The double “//” serve as comments, so whatever follows "//" will not be evaluated.
To enable automatic updates, edit /etc/apt/apt.conf.d/10periodic and set the appropriate apt configuration options:
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7"; APT::Periodic::Unattended-Upgrade "1";
The above configuration updates the package list, downloads, and installs available upgrades every day. The local download archive is cleaned every week.
- [Note]
You can read more about apt Periodic configuration options in the /etc/cron.daily/apt script header.
The results of unattended-upgrades will be logged to /var/log/unattended-upgrades.
reconfigure
sudo dpkg-reconfigure -plow unattended-upgrades
(it's an interactive dialog) which will create /etc/apt/apt.conf.d/20auto-upgrades with the following contents:
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Unattended-Upgrade "1";
- Details about what these values mean may be found in the header of the /etc/cron.daily/apt file. Note:
When the apt job starts, it will sleep for a random period between 0 and APT::Periodic::RandomSleep seconds. The default value is "1800" so that the script will stall for up to 30 minutes (1800 seconds) so that the mirror servers are not crushed by everyone running their updates all at the same time. Only set this to 0 if you use a local mirror and don't mind the load spikes. Note that while the apt job is sleeping it will cause the execution of the rest of your cron.daily jobs to be delayed.
If you want the script to generate more verbose output set APT::Periodic::Verbose "1";
- And /etc/apt/apt.conf.d/50unattended-upgrades:
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {
// ${distro_id} and ${distro_codename} will be automatically expanded
"${distro_id} stable";
"${distro_id} ${distro_codename}-security";
"${distro_id} ${distro_codename}-updates";
// "${distro_id} ${distro_codename}-proposed-updates";
};
// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
//Unattended-Upgrade::Mail "root@localhost";
// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";
// Automatically reboot *WITHOUT CONFIRMATION* if a
// the file /var/run/reboot-required is found after the upgrade
//Unattended-Upgrade::Automatic-Reboot "false";
Notifications
Configuring Unattended-Upgrade::Mail in /etc/apt/apt.conf.d/50unattended-upgrades will enable unattended-upgrades to email an administrator detailing any packages that need upgrading or have problems.
Another useful package is apticron. apticron will configure a cron job to email an administrator information about any packages on the system that have updates available, as well as a summary of changes in each package.
To install the apticron package, in a terminal enter:
sudo apt-get install apticron
Once the package is installed edit /etc/apticron/apticron.conf, to set the email address and other options:
EMAIL="root@example.com"