Emmabuntus, Ubuntu, Derivate, Linux, Open Source BackTrack, Linux, distributions, Ubuntu, derivate, securuty, forensic VirtualBox, Linux, Ubuntu, Raring Ringtail synaptic, Ubuntu, Linux, software packages jwplayer, multimedia, Linux, Ubuntu, flash Meshlab, graphic, software, Ubuntu, open source, Linux Synapse, Linux, Ubuntu, raring, Quantal Gimp, Ubuntu, Linux FreeMind, Linux, open source Linux, infographic, history

How to configure your system to automatically install Automatic Security Updates.

Introduction


This is a simple tutorial that will teach you to configure your system to automatically install security updates. 

There are always some security risks involved in running software upgrades without supervision, but there are also benefits. 

If you believe it's important to stay up to date with the latest security patches, then you should follow this simple tutorial.
There are several options for enabling automatic updates:
  • Use the GNOME Update Manager
  • Use the "unattended-upgrades" package
  • Write your own cron script that calls aptitude
  • Use cron-apt
See also: AutoWeeklyUpdateHowTo
 

Using GNOME Update Manager


If you are using GNOME, go to the "System" menu, then "Administration", then "Update Manager", then "Settings".
Open up the "Updates" tab and in the "Automatic updates" section select "Install security updates without confirmation". 


Using the "unattended-upgrades" package


Install the unattended-upgrades package if it isn't already installed ("apt-get install unattended-upgrades"). You may configure the package via the command line; simply change your /etc/apt/apt.conf.d/10periodic to:
APT::Periodic::Enable "1";
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "5";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::RandomSleep "1800";

Details about what these values mean may be found in the header of the /etc/cron.daily/apt file. Note:
  • When the apt job starts, it will sleep for a random period between 0 and APT::Periodic::RandomSleep seconds. The default value is "1800" so that the script will stall for up to 30 minutes (1800 seconds) so that the mirror servers are not crushed by everyone running their updates all at the same time. Only set this to 0 if you use a local mirror and don't mind the load spikes. Note that while the apt job is sleeping it will cause the execution of the rest of your cron.daily jobs to be delayed.
  • If you want the script to generate more verbose output set APT::Periodic::Verbose "1";
And /etc/apt/apt.conf.d/50unattended-upgrades:
// Automatically upgrade packages from these (origin, archive) pairs
Unattended-Upgrade::Allowed-Origins {    
    // ${distro_id} and ${distro_codename} will be automatically expanded
    "${distro_id} stable";
    "${distro_id} ${distro_codename}-security";
    "${distro_id} ${distro_codename}-updates";
//  "${distro_id} ${distro_codename}-proposed-updates";
};

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
//  "vim";
//  "libc6";
//  "libc6-dev";
//  "libc6-i686";
};




// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you 
// have a working mail setup on your system. The package 'mailx'
// must be installed or anything that provides /usr/bin/mail.
//Unattended-Upgrade::Mail "root@localhost";

// Do automatic removal of new unused dependencies after the upgrade
// (equivalent to apt-get autoremove)
//Unattended-Upgrade::Remove-Unused-Dependencies "false";

// Automatically reboot *WITHOUT CONFIRMATION* if a 
// the file /var/run/reboot-required is found after the upgrade 
//Unattended-Upgrade::Automatic-Reboot "false";
 

Using cron and aptitude


To begin, press Alt+F2 and create a new file:
gksudo gedit /etc/cron.weekly/apt-security-updates

If you're using KDE, use this command instead:
kdesudo kate /etc/cron.weekly/apt-security-updates

Copy the following text into this new file, save, and exit: 

echo "**************" >> /var/log/apt-security-updates
date >> /var/log/apt-security-updates
aptitude update >> /var/log/apt-security-updates
aptitude safe-upgrade -o Aptitude::Delete-Unused=false --assume-yes --target-release `lsb_release -cs`-security >> /var/log/apt-security-updates
echo "Security updates (if any) installed"
 

Recently (since Ubuntu 7.10), the aptitude action 'upgrade' is deprecated. There are now two ways to upgrade, a safe one (conservative, if an update needs to add or remove dependencies, it won't update) and a full one (it will always upgrade even though it impacts other packages by adding them or removing them, previously called 'dist-upgrade').

The actions are now 'safe-upgrade' or 'full-upgrade'. See the manual page of aptitude (man aptitude) for more details. 

Once you are complete, you want to make the file executable. So, via the terminal, type the following line: 

sudo chmod +x /etc/cron.weekly/apt-security-updates
 

This script will run once weekly and it installs all available packages from the security repository. It also generates a log in /var/log/apt-security-updates for later inspection in case something goes wrong. 

This script will output information to a log file, so to prevent this log file from getting too large we need to make sure it gets rotated out. To do this, we'll use the logrotate utility, which comes with Ubuntu. Press Alt+F2 and type this command: 

gksudo gedit /etc/logrotate.d/apt-security-updates
 For KDE, use this command instead: 

kdesudo kate /etc/logrotate.d/apt-security-updates
 Paste this into the editor, save, and exit: 

/var/log/apt-security-updates {
        rotate 2
        weekly
        size 250k
        compress
        notifempty
}

This will rotate the log file every week (weekly), or if it's over 250kB in size (size 250k), compressing old versions (compress). The previous two log files will be kept (rotate 2), and no rotation will occur if the file is empty (notifempty).

Using cron-apt to handle automatic updating.

Updating can be also done automatically by using package called cron-apt. Please read man page before doing anything. 


Custom Search

Adserver           610x250


If you liked this article, subscribe to the feed by clicking the image below to keep informed about new contents of the blog:


rss_trappola
Do you consider this article interesting? Share it on your network of Twitter contacts, on your Facebook wall or simply press "+1" to suggest this result in searches in Google, Linkedin, Instagram or Pinterest. Spreading content that you find relevant helps this blog to grow. Thank you!
Share on Google Plus

About Hugo

Ubuntu is a Linux distribution that offers an operating system predominantly focused on desktop computers but also provides support for servers. Based on Debian GNU / Linux, Ubuntu focuses on ease of use, freedom in usage restriction, regular releases (every 6 months) and ease of installation.
    Blogger Comment
    Facebook Comment

0 comments:

Post a Comment