Automating System Updates with Unattended-Upgrades on Ubuntu
Maintaining an up-to-date system is crucial for security and stability. On Debian and Ubuntu systems, the unattended-upgrades package simplifies this process by automating the installation of security updates and essential package upgrades. This guide provides a comprehensive overview of installing, configuring, and managing unattended-upgrades to ensure your system remains secure with minimal manual intervention.
To automate the installation and configuration of Unattended-Upgrades on Ubuntu 24.04 you can create a shell script that performs the following tasks:
- Install the Unattended-Upgrades Package: Ensure the package is installed.
- Enable Automatic Updates: Configure the system to perform daily package list updates and unattended upgrades.
- Configure Unattended-Upgrades: Modify settings to include regular package updates and set up email notifications.
Here’s a script that accomplishes these steps:
#!/bin/bash
# Update package lists and install unattended-upgrades
sudo apt update && sudo apt install -y unattended-upgrades
# Enable automatic updates
sudo tee /etc/apt/apt.conf.d/20auto-upgrades > /dev/null <<EOL
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
EOL
# Configure unattended-upgrades
sudo sed -i 's|//\("${distro_id}:${distro_codename}-updates";\)|\1|' /etc/apt/apt.conf.d/50unattended-upgrades
sudo sed -i 's|//Unattended-Upgrade::Mail "";|Unattended-Upgrade::Mail "[email protected]";|' /etc/apt/apt.conf.d/50unattended-upgrades
sudo sed -i 's|//Unattended-Upgrade::Automatic-Reboot "false";|Unattended-Upgrade::Automatic-Reboot "true";|' /etc/apt/apt.conf.d/50unattended-upgrades
sudo sed -i 's|//Unattended-Upgrade::Automatic-Reboot-Time "02:00";|Unattended-Upgrade::Automatic-Reboot-Time "02:00";|' /etc/apt/apt.conf.d/50unattended-upgrades
# Restart the unattended-upgrades service to apply changes
sudo systemctl restart unattended-upgrades
echo "Unattended-Upgrades has been installed and configured."Script Breakdown:
- Installation: Updates package lists and installs the
unattended-upgradespackage. - Enable Automatic Updates: Writes configuration to
/etc/apt/apt.conf.d/20auto-upgradesto enable daily package list updates and unattended upgrades. - Configure Unattended-Upgrades:
- Include Regular Package Updates: Uncomments the line for
${distro_id}:${distro_codename}-updatesin/etc/apt/apt.conf.d/50unattended-upgrades. - Email Notifications: Sets the
Unattended-Upgrade::Maildirective to your email address. Replace[email protected]with your actual email. - Automatic Reboot: Enables automatic reboot after updates and sets the reboot time to 2:00 AM.
Usage Instructions:
- Create the Script: Open a terminal and create a new script file:
nano setup-unattended-upgrades.sh
- Paste the Script: Copy the script above and paste it into the file.
- Save and Exit: Save the file and exit the editor.
- Make the Script Executable: Change the file’s permissions to make it executable:
chmod +x setup-unattended-upgrades.sh
- Run the Script: Execute the script:
./setup-unattended-upgrades.sh
After running the script, Unattended-Upgrades will be installed and configured to perform daily updates, including regular package updates, send email notifications, and automatically reboot the system at 2:00 AM if necessary.
Note: Ensure that your system’s mail service is configured correctly to send emails. You may need to install and configure a mail transfer agent (MTA) like Postfix or Exim. For more information on setting up email notifications, refer to the Debian Wiki on UnattendedUpgrades.
Discover more from Patrick Domingues
Subscribe to get the latest posts sent to your email.
Loading ...