How to configure automated security updates on Linux

2022-10-18
Mirsad

Keeping your system up-to-date with the latest packages and security updates can be a tedious task. Most users forget to do it, leaving them vulnerable to countless threats. Automate security (and other package) updates with the utility Unattended Upgrades on Debian or Ubuntu.

You can set up automated security updates on Linux by installing a helpful utility called unattended-upgrades.

Install it running the following command:

sudo apt install unattended-upgrades

After the installation completes, you can enable and start the unattended-upgrades service by running the following commands:

sudo systemctl enable unattended-upgrades

And this one:

sudo systemctl start unattended-upgrades

Configure unattended-upgrades file

The unattended-upgrades configuration file is found in the /etc/apt/apt.conf.d directory.

Access the configuration file with the following command:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

The unattended-upgrades package ignores lines that start with // as that line is considered to be a comment.

If you want a repository to update automatically, you need to remove // from that line.

For our purposes, we only need to remove // from the “security” line.

The Unattended-Upgrade::Package-Blacklist section of the config file allows you to block upgrades for specific packages.

You can also use hold option by running following command:

sudo apt-mark hold package-name

Enable Automatic Upgrades

The final step to enable automatic updates is to edit the auto-upgrades file with the command:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";

Testing automatic upgrades

To verify that the automatic upgrades are set up correctly perform a dry run. The dry run command ensures that the update is only a simulation and that no actual changes will take place. Use the command:

sudo unattended-upgrades --dry-run --debug

Join our team

If you're interested in joining our team to assist in researching modern threats across web3, please don't hesitate to reach out to us.

Contact Us

Ready for Action?

Don’t hesitate to contact us if you need more information.
Let's Go!
ALVOSEC
BTC: bc1qnn4zfqqtexl4fkjk2vz6tk74sn92x326wwn0ph

linkedin facebook pinterest youtube rss twitter instagram facebook-blank rss-blank linkedin-blank pinterest youtube twitter instagram