Debian Unattended Security Updates


Follow these instructions and set your email to receive notifications.

https://wiki.debian.org/UnattendedUpgrades

apt-get install unattended-upgrades apt-listchanges apticron -y

nano /etc/apt/apt.conf.d/50unattended-upgrades

Set your email to receive notifications:
Unattended-Upgrade::Mail "your@email.com";

To activate unattended-upgrades, you need to ensure that the apt configuration stub /etc/apt/apt.conf.d/20auto-upgrades contains at least the following lines:

nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

dpkg-reconfigure -plow unattended-upgrades

Finally, to obtain upgrade notifications, apticron needs some configuration.

nano /etc/apticron/apticron.conf
# VERSION: 1.0
# LAST MODIFIED: March 1, 2020
#
# SPECIFY A HOSTNAME if you want apticron to use something other than "hostname -f"
# SYSTEM="system.example.com"

EMAIL="user@domain.com"
DIFF_ONLY="0"
NOTIFY_NEW="1"
LISTCHANGES_PROFILE="apticron"
NOTIFY_NO_UPDATES="1"

Alternatively, you can also create the apt configuration file /etc/apt/apt.conf.d/02periodic to activate unattended-upgrades:

nano /etc/apt/apt.conf.d/02periodic

Below is an example /etc/apt/apt.conf.d/02periodic:

// Control parameters for cron jobs by /etc/cron.daily/apt-compat //


// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";


// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";


// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";


// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";


// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "21";


// Send report mail to root
//     0:  no report             (or null string)
//     1:  progress report       (actually any string)
//     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
//     3:  + trace on
APT::Periodic::Verbose "2";

Unattended-Upgrade::Mail "your@email.com";

Test your unattended-upgrade configuration

unattended-upgrade -d
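
An added example (not part of the original page or of Debian's tooling): a POSIX shell check that reads the fragments in /etc/apt/apt.conf.d in the order APT loads them and reports the effective value of the settings configured above. This matters when both 20auto-upgrades and 02periodic exist, because the later file name overrides the earlier one. The function names effective_value and audit_unattended are hypothetical, and the parser assumes the flat Key "value"; syntax shown on this page.

```shell
#!/bin/sh
# Added example: audit the APT settings this page configures.
# Assumption: flat `Key "value";` lines as shown on the page; nested
# `APT::Periodic { ... };` blocks are not parsed.

# effective_value KEY [DIR]: print the last value assigned to KEY.
# APT reads apt.conf.d fragments in ascending name order, so a later file
# (20auto-upgrades) overrides an earlier one (02periodic).
effective_value() {
    ev_key=$1; ev_dir=${2:-/etc/apt/apt.conf.d}
    for ev_f in "$ev_dir"/*; do
        [ -f "$ev_f" ] || continue
        # APT only loads fragments with no extension or a .conf extension.
        case ${ev_f##*/} in *.conf) ;; *.*) continue ;; esac
        # Lines starting with // are comments and do not match the anchor.
        sed -n "s|^[[:space:]]*${ev_key}[[:space:]]\{1,\}\"\([^\"]*\)\";.*|\1|p" "$ev_f"
    done | tail -n 1
}

# audit_unattended [DIR]: print one line per setting; return 1 if any
# setting this page relies on is missing or disabled.
audit_unattended() {
    au_dir=${1:-/etc/apt/apt.conf.d}; au_rc=0
    # An explicit "0" here switches every periodic job off (0=disable).
    if [ "$(effective_value APT::Periodic::Enable "$au_dir")" = 0 ]; then
        echo "FAIL APT::Periodic::Enable is 0 (all periodic jobs off)"; au_rc=1
    fi
    for au_key in APT::Periodic::Update-Package-Lists \
                  APT::Periodic::Unattended-Upgrade Unattended-Upgrade::Mail; do
        au_val=$(effective_value "$au_key" "$au_dir")
        case $au_val in
            ''|0) echo "FAIL $au_key is unset or disabled"; au_rc=1 ;;
            *)    echo "OK   $au_key = $au_val" ;;
        esac
    done
    return "$au_rc"
}
```

Source the file and call audit_unattended as root; pass a directory as the first argument to audit a copy of the configuration instead of the live one.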
