Running Unattended/Automatic Security Updates on Ubuntu 10.04 LTS Lucid

I thought I may as well share/dump some of the tech stuff I learn on here because a) a lot of the stuff I find on Google is complete crap, b) if I forget how to do it I can just search my own blog (w00t), and c) it might be useful to someone else.

Anyway, the objective of this exercise is to install security updates on Ubuntu automatically – commonly known as unattended updates (without any operator intervention). It’s not considered safe to install ALL updates unattended – just in case something goes wrong, but for security updates it’s important to install them ASAP.

And it saves you logging in to however many servers you manage (100+ for me currently) and running sudo aptitude update; sudo aptitude safe-upgrade; on all of them.

I wanted to achieve this without installing any additional software – so it can run on a bare-bones install (I’m a server minimalist).

In this case it’s for Ubuntu 10.04 LTS (we only use LTS versions of Ubuntu for production) but it should work on any Debian-based variant. OK, first up:

sudo nano /etc/cron.weekly/apt-security-updates

When you have that new, empty file open, paste this inside. The first line matters: cron's run-parts executes the file directly, so without a shebang it fails with an "Exec format error" and nothing runs.

#!/bin/sh
# Weekly unattended security upgrade; all output (including errors) is appended to the log.
LOG=/var/log/apt-security-updates
{
    echo "******START********"
    date
    aptitude update
    # Only take packages from the <codename>-security pocket; never auto-remove unused packages.
    aptitude safe-upgrade -o Aptitude::Delete-Unused=false --assume-yes --target-release "$(lsb_release -cs)-security"
    echo "Security updates (if any) installed at:"
    date
    echo "******END********"
} >> "$LOG" 2>&1

Then make that file executable with the following command:

sudo chmod +x /etc/cron.weekly/apt-security-updates

What that file does is run aptitude update and aptitude safe-upgrade (restricted to the security pocket of your release) and log it all to a file, /var/log/apt-security-updates, so if something goes wrong you know which packages to look at.

Because it’s logging to a file, just one last precaution – so you don’t run out of disk space – is to add it to logrotate.

So what we do is create the following file:

sudo nano /etc/logrotate.d/apt-security-updates

Then paste this in:

/var/log/apt-security-updates {
    rotate 2
    weekly
    size 250k
    compress
    notifempty
}

And that’s it, your machine will get updated with the latest security updates once a week and your HDD won’t explode because of huge log files.
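To act on that log rather than just keep it, a check like the following tells you whether the most recent run got as far as its END marker and, if not, shows what it printed. This is an added example, not part of the original post; the function names and the sample log contents are made up for illustration.

```shell
#!/bin/sh
# Added example: audit the log written by the weekly cron script.
# Assumption: each run is bracketed by the START/END marker lines that script echoes.

# Print run counts and whether the newest run reached its END marker.
check_update_log() {
    awk '
        /^\*+START\*+$/ { if (in_run) incomplete++; in_run = 1; runs++; next }
        /^\*+END\*+$/   { if (in_run) { complete++; in_run = 0 }; next }
        END {
            if (in_run) incomplete++
            last = (runs == 0) ? "none" : (in_run ? "incomplete" : "complete")
            printf "runs=%d complete=%d incomplete=%d last=%s\n", runs, complete, incomplete, last
        }' "$1"
}
# Succeed only if the newest run finished; usable from a monitoring check.
last_run_ok() {
    case "$(check_update_log "$1")" in *last=complete) return 0 ;; esac
    return 1
}
# Print the body of the newest run: the package lines to look at after a failure.
last_run_lines() {
    awk '/^\*+START\*+$/ { body = ""; next }
         /^\*+END\*+$/   { next }
         { body = body $0 "\n" }
         END { printf "%s", body }' "$1"
}
# Constructed sample log: one finished run, then a run that never reached END.
write_sample_log() {
    cat > "$1" <<'EOF'
******START********
Mon Jun  7 06:47:01 UTC 2010
The following packages will be upgraded:
  openssl
Security updates (if any) installed at:
Mon Jun  7 06:47:39 UTC 2010
******END********
******START********
Mon Jun 14 06:47:01 UTC 2010
The following packages will be upgraded:
  linux-image-server
EOF
}

# Audit the file given as $1, or the constructed sample when no argument is passed.
log=${1:-$(mktemp)}; [ -n "${1:-}" ] || write_sample_log "$log"
check_update_log "$log"
last_run_ok "$log" || { echo "newest run did not finish:"; last_run_lines "$log"; }
```

Run it as sh check-log.sh /var/log/apt-security-updates (the script file name is up to you); a run that was killed or crashed part-way shows up as last=incomplete.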
