How to Set Up Unattended Upgrades on Debian 9 (Stretch)

  • Last Created On Dec 10, 2024

If you purchase a Debian server, it should always have the latest security patches and updates, whether you’re asleep or not. This is pretty easy to do. Here’s how.

Run this command to install the “unattended-upgrades” package, along with a package to identify the changes:

apt -y install unattended-upgrades apt-listchanges

Once that is installed, edit the unattended-upgrades configuration:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Empty this file, paste in the following, then replace the items marked with ** **. Remember to remove the asterisks.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";

// Automatically upgrade packages from these 
Unattended-Upgrade::Origins-Pattern {
      "o=Debian,a=stable";
      "o=Debian,a=stable-updates";
      "o=Debian,a=proposed-updates";
      "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";

};

Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Automatic-Reboot "false";

NOTE: To remove the original lines from the file, you can hold Ctrl+K in nano, which cuts one line at a time.

NOTE: You can set Automatic-Reboot to true if you want your server to reboot when it’s necessary.

Install “apticron”, which emails you a list of pending APT updates:

apt -y install apticron

Open /etc/apticron/apticron.conf and set the EMAIL variable to your email address, so you can receive the list of changes.

EMAIL="**me@example.com**"
DIFF_ONLY="1"
LISTCHANGES_PROFILE="apticron"
SYSTEM="**HOSTNAME.OF.SERVER**"
NOTIFY_HOLDS="0"
NOTIFY_NO_UPDATES="0"

Open /etc/apt/listchanges.conf to configure APT to save the changes to a database:

[apt]
frontend=pager
email_address=**me@example**
confirm=0
save_seen=/var/lib/apt/listchanges.db
which=news

You can run unattended-upgrade manually with debug mode to see if it works correctly:

unattended-upgrade -d
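
The following check is an added example, not part of the original article: it lints the edited files for the two mistakes this procedure makes easy, namely leaving a ** ** placeholder in place and ending up with a periodic job or the security origin switched off. The function name check_upgrade_conf and the finding labels are hypothetical, and it assumes the one-setting-per-line layout used above.

```shell
#!/bin/sh
# Added example: lint the files edited in this guide.
# check_upgrade_conf APT_CONF [OTHER_FILE...]   (hypothetical helper name)
# Prints one line per finding and returns non-zero if there is any.
# Assumes each APT::Periodic setting sits on its own line, as in the guide.
check_upgrade_conf() {
    conf=$1
    findings=0
    for f in "$@"; do
        # Template markers such as **YOUR_EMAIL_HERE** that were never replaced
        hits=$(grep -n '\*\*' "$f" /dev/null | sed 's/^/PLACEHOLDER /')
        if [ -n "$hits" ]; then
            printf '%s\n' "$hits"
            findings=$((findings + 1))
        fi
    done
    # A periodic job that is missing or set to "0" never runs
    for key in Update-Package-Lists Download-Upgradeable-Packages Unattended-Upgrade; do
        val=$(sed -n "s|^[[:space:]]*APT::Periodic::${key}[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$conf" | tail -n 1)
        case "$val" in
            ''|0) echo "DISABLED APT::Periodic::$key (value: \"$val\")"
                  findings=$((findings + 1)) ;;
        esac
    done
    # The security archive must appear on a line that is not commented out
    if ! grep -v '^[[:space:]]*//' "$conf" | grep -q 'label=Debian-Security'; then
        echo "NO-SECURITY-ORIGIN $conf"
        findings=$((findings + 1))
    fi
    [ "$findings" -eq 0 ]
}

# Constructed sample input with two mistakes, so the check can be tried offline
sample=$(mktemp)
cat > "$sample" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::Unattended-Upgrade "0";
Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";
Unattended-Upgrade::Origins-Pattern {
      "origin=Debian,codename=${distro_codename},label=Debian-Security";
};
EOF
check_upgrade_conf "$sample" || echo "fix the findings above before relying on this host"
rm -f "$sample"
```

On a real server, pass /etc/apt/apt.conf.d/50unattended-upgrades first, followed by /etc/apticron/apticron.conf and /etc/apt/listchanges.conf.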