Learn How To Set Up Unattended Upgrades on Debian 6/7

November 26, 2019

Table of Contents

    If you are using a different system, please check our other tutorials.

    If you purchase a Debian server, then you should always have the latest security patches and updates, whether you’re asleep or not. This is pretty easy to do. Here’s how.

    Run this command to install the “unattended-upgrades” package, along with a package to identify the changes:

    sudo apt-get install unattended-upgrades apt-listchanges
    

    After that is installed, then edit the unattended-upgrade configuration:

    sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
    

    Paste the following into this file after emptying it, then modify items with ** **. Remember to remove the asterisks.

    APT::Periodic::Enable "1";
    APT::Periodic::Update-Package-Lists "1";
    APT::Periodic::AutocleanInterval "7";
    APT::Periodic::Unattended-Upgrade "1";
    Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";
    
    // Automatically upgrade packages from these (origin, archive) pairs
    Unattended-Upgrade::Allowed-Origins {
    "${distro_id} stable";
    "${distro_id} ${distro_codename}-updates";
    "${distro_id} ${distro_codename}-security";
    };
    
    // You can specify your own packages to NOT automatically upgrade here
    Unattended-Upgrade::Package-Blacklist {
    // "nginx";
    // "php5-fpm";
    };
    
    Unattended-Upgrade::Automatic-Reboot "false";
    

    Install “apticron” to manage automatic execution of APT updates:

    sudo apt-get install apticron
    

    Open /etc/apticron/apticron.conf and set the EMAIL variable to your email address, so you can receive the list of changes.

    EMAIL="**me@myemailprovider.com**"
    DIFF_ONLY="1"
    LISTCHANGES_PROFILE="apticron"
    SYSTEM="**HOSTNAME.OF.SERVER**"
    NOTIFY_HOLDS="0"
    NOTIFY_NO_UPDATES="0"
    

    Open /etc/apt/listchanges.conf to configure APT to save the changes to a database:

    [apt]
    frontend=pager
    email_address=**me@myemailprovider.com**
    confirm=0
    save_seen=/var/lib/apt/listchanges.db
    which=news
    

    Need help?

    Do you need help setting up this on your own service?
    Please contact us and we’ll provide you the best possible quote!