Sunday, October 7, 2007

Apt-get DOES have an option for automatic security updates

I recently wrote about the cron job that I run to keep my Debian and Debian-like servers up to date automatically.

It turns out that apt-get (or libapt, more specifically) has a mechanism to automatically download and install security updates. This will work across package management applications (apt-get, synaptic, aptitude, etc) and is very simple to setup. Edit /etc/apt/apt.conf.d/10periodic to include the following:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "1";

Your distribution should already have a cron job (usually in /etc/cron.daily/apt) that runs every day and updates as per these configuration options. To see the entire config, run

$ apt-config dump

For those interested, this configuration setting is what Synaptic sets when using its "Install security updates without confirmation" option.

Thanks to g for pointing this out.

No comments:

Post a Comment