Index ¦ Archives ¦ Atom

Automatic Updates for Debian

Good security is about defence in depth, layers of security. There is no one thing that will make you secure but one of the easiest things to do that gets you the best bang for your buck is patching your software.

On windows this is called Automatic Updates, in Debian it's called Unattended Upgrades but it's essentially the same thing. There is an Unattended Upgrades page on the Debian wiki that is pretty good. Enabling updates basicly boils down to:

sudo apt-get install unattended-upgrades apt-listchanges
sudo dpkg-reconfigure -plow unattended-upgrades
vim /etc/apt/apt.conf.d/50unattended-upgrades
# Edit line 71 to send emails to a monitored address

If your current update strategy is to SSH into boxes and run sudo apt-get update && sudo apt-get dist-upgrade whenever you remember then you should look automating it with unattended upgrades. Of course a full dev > test > production patch cycle is best for large mission critical things but for small setups like the one box that runs this website unattended upgrades are perfect.

Posted on: Thu 01 December 2016

Category: Posts – Tags: Debian, Linux, Patching, Defence in Depth

Creative Commons License
Content on this site is licensed under a Creative Commons Attribution 4.0 International License.
Built using Pelican. Based on a theme by Giulio Fidente on github.