Install unattended updates on Ubuntu

Veröffentlicht am 2018-03-052024-03-18 von Gerald

Update the system and install packages

apt-get update && apt-get install unattended-upgrades

Configure unattended upgrades

dpkg-reconfigure -plow unattended-upgrades

Replacing config file /etc/apt/apt.conf.d/20auto-upgrades with new version

Configuration

vi /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        "${distro_id}ESM:${distro_codename}";
        "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};


// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "[email protected]"
Unattended-Upgrade::Mail "unattended-upgrades";

Check config

egrep -v "\/\/|^$" /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
	"${distro_id}:${distro_codename}-security";
	"${distro_id}ESM:${distro_codename}";
	"${distro_id}:${distro_codename}-updates";
};
Unattended-Upgrade::Package-Blacklist {
};
Unattended-Upgrade::DevRelease "false";
Unattended-Upgrade::AutoFixInterruptedDpkg "false";
Unattended-Upgrade::MinimalSteps "true";
Unattended-Upgrade::Mail "unattended-updates";
Unattended-Upgrade::Remove-Unused-Dependencies "true";
Unattended-Upgrade::Automatic-Reboot "false";
Unattended-Upgrade::SyslogEnable "true";
Unattended-Upgrade::SyslogFacility "daemon";

Restart Service

service unattended-upgrades restart
service unattended-upgrades status

Start at boot time

systemctl enable unattended-upgrades

Dry run

unattended-upgrades --dry-run --debug

Cronjob

crontab -e

0  0   *   *   *  /usr/bin/unattended-upgrade -d > /dev/null 2>&1