How to configure automated security updates on Debian

Debian provides a package called “unattended-upgrades” to automate security updates. Here’s how you can configure it:

  1. Install the unattended-upgrades package:
     sudo apt-get install unattended-upgrades
  2. Open the configuration file:
     sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
  3. Enable the automatic upgrade of security updates:
     Unattended-Upgrade::Allowed-Origins {
         "${distro_id}:${distro_codename}-security";
         // "${distro_id}:${distro_codename}-updates";
         // "${distro_id}:${distro_codename}-proposed";
         // "${distro_id}:${distro_codename}-backports";
     };
  4. Enable email notifications for upgrades:
     Unattended-Upgrade::Mail "root";
     Unattended-Upgrade::MailOnlyOnError "true";
  5. Save and close the configuration file.
  6. Update the package index and upgrade the system to ensure that the latest security updates are installed:
     sudo apt-get update
     sudo apt-get upgrade
  7. Verify that the unattended upgrades are working:
     sudo unattended-upgrades --dry-run --debug

This should give you an overview of what upgrades will be performed, without actually installing any packages.
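An added check, not part of the original page: the function below reads `apt-config dump` output, which is the merged configuration from every file under /etc/apt/apt.conf.d, and confirms that a security origin and a mail recipient are actually in effect. The function names `audit_uu` and `sample_dump` and the sample dump text are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original page): audit the effective
# unattended-upgrades settings. Input is `apt-config dump` text on stdin,
# where list entries appear as:  Key:: "value";
audit_uu() {
    awk '
    function value(line) {      # return the text between the quotes
        sub(/^[^"]*"/, "", line); sub(/";[ \t]*$/, "", line); return line
    }
    /^Unattended-Upgrade::(Allowed-Origins|Origins-Pattern):: / {
        v = value($0)
        if (v ~ /[Ss]ecurity/) security++
        else print "NOTE: non-security origin enabled: " v
    }
    /^Unattended-Upgrade::Mail / { mail = value($0) }
    /^Unattended-Upgrade::MailOnlyOnError / { onerr = value($0) }
    END {
        if (security) print "OK: security origin enabled"
        else { print "FAIL: no security origin enabled"; rc = 1 }
        if (mail != "") print "OK: reports mailed to " mail " (only on error: " onerr ")"
        else { print "FAIL: Unattended-Upgrade::Mail is not set"; rc = 1 }
        exit rc + 0
    }'
}

# Constructed sample of `apt-config dump` output matching the steps above.
# Lines commented out with // in the config file never appear in a dump.
sample_dump() {
    cat <<'EOF'
Unattended-Upgrade "";
Unattended-Upgrade::Allowed-Origins "";
Unattended-Upgrade::Allowed-Origins:: "${distro_id}:${distro_codename}-security";
Unattended-Upgrade::Mail "root";
Unattended-Upgrade::MailOnlyOnError "true";
EOF
}

sample_dump | audit_uu
```

On a real host, run `apt-config dump | audit_uu`; a non-zero exit status means a security origin or the mail recipient is missing from the effective configuration.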

By default, unattended upgrades run daily, but you can change the schedule by modifying the “Unattended-Upgrade::Periodic::” settings in the configuration file.

Note: Before enabling automatic security updates, it is recommended to test the upgrades in a test environment to ensure that there are no unintended consequences.
