I recently wrote about the cron job that I run to keep my Debian and Debian-like servers up to date automatically.
It turns out that apt-get (or libapt, more specifically) has a mechanism to automatically download and install security updates. This will work across package management applications (apt-get, synaptic, aptitude, etc) and is very simple to setup. Edit /etc/apt/apt.conf.d/10periodic to include the following:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";
Your distribution should already have a cron job (usually in /etc/cron.daily/apt) that runs every day and updates as per these configuration options. To see the entire config, run
$ apt-config dump
For those interested, this configuration setting is what Synaptic sets when using its “Install security updates without confirmation” option.
Armin Fürst | 12-Feb-08 at 3:48 am | Permalink
Thanks for the blogs, but what about security-updates requiring interactions of the administrator? Usually, an update of openssl asks interactively which services are to be restarted and a kernel-upgrade will always require a reboot. Do you have a solution for these issues?