automatic-security-installs

Automatic security updates

Installing security updates should just happen. It should not require me to initiate anything, or bother me with questions. Just do it.

For that to happen, I had to change the default configuration of dpkg (I should file a whishlist bug on dpkg for this).

  1. Configure apt-get to run dpkg so it does not bother me with a question if I want to keep your customized conffiles. This is done by putting a file in /etc/apt/apt.conf.d/ with the following content:

////// Contents of file /etc/apt/apt.conf.d/50automatic-security-installs // Do default handling of changed conffiles (should be keep user changes) // If default is set to do nothing, then keep user changes Dpkg::Options {"—force-confold";} //////////////// end of /etc/apt/apt.conf.d/50automatic-security-installs

  1. Add two cron jobs with the following (modify the time so that the servers are not flooded with requests at any particular moment). I prefer to use my normal user account and sudo, in order to ease the editing of the crontab.

# update the packages register at 16:00 every day. 0 16 * * /2 LANG=C sudo apt-get update # automatically install any new security updates at 16:30 every day. 30 16 * */2 LANG=C sudo apt-get -y dist-upgrade

comments powered by Disqus

Back to the index

Blog roll

R-bloggers, Debian Weekly
Valid XHTML 1.0 Strict [Valid RSS] Valid CSS! Emacs Muse Last modified: oktober 17, 2019