Warnaud's Wiki

User Tools

Site Tools

You are here: start » os » debian » unattendedupgrades
os:debian:unattendedupgrades

This is an old revision of the document!

Table of Contents

Auto updates

Here's how to setup your debian to update automatically

Install

apt-get install -y unattended-upgrades apt-listchanges mailutils postfix

Config

vi /etc/apt/apt.conf.d/50unattended-upgrades
// Automatically upgrade packages from these (origin:archive) pairs
//
// Note that in Ubuntu security updates may pull in new dependencies
// from non-security sources (e.g. chromium). By allowing the release
// pocket these get automatically pulled in.
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
        //"${distro_id}ESMApps:${distro_codename}-apps-security";
        //"${distro_id}ESM:${distro_codename}-infra-security";
        "${distro_id}:${distro_codename}-updates";
        //"${distro_id}:${distro_codename}-proposed";
        //"${distro_id}:${distro_codename}-backports";
        "Docker:{distro_codename}";
};
// Send email to this address for problems or packages upgrades
// If empty or unset then no email is sent, make sure that you
// have a working mail setup on your system. A package that provides
// 'mailx' must be installed. E.g. "user@example.com"
Unattended-Upgrade::Mail "arnaud+XXXXXXXXX@fortier-family.com";
 
// Set this value to one of:
//    "always", "only-on-error" or "on-change"
// If this is not set, then any legacy MailOnlyOnError (boolean) value
// is used to chose between "only-on-error" and "on-change
Unattended-Upgrade::MailReport "on-change";
 
// Remove unused automatically installed kernel-related packages
// (kernel images, kernel headers and kernel version locked tools).
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";

Automate: 

dpkg-reconfigure -plow unattended-upgrades

Mails: 

dpkg-reconfigure postfix
systemctl reload postfix

Test: 

unattended-upgrade -d

Mail via msmtp

 apt install msmtp msmtp-mta mailutils
vi /etc/msmtprc
defaults
auth           on
tls            on
tls_starttls   off
tls_trust_file /etc/ssl/certs/ca-certificates.crt
 
# SMTP server config 
account        default
host           mail.fortier-family.com
port           465
from           arnaud+oracle@fortier-family.com
user           arnaud@fortier-family.com
password       *********LOL***********

Test: 

echo "Test mail from $(hostname)" | mail -s "Test subject" arnaud+srv1@fortier-family.com

Kali

Following https://bugs.kali.org/view.php?id=8587
Change in /etc/apt/apt.conf.d/50unattended-upgrades 

//        "origin=Debian,codename=${distro_codename},label=Debian-Security";
//        "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
 
        "origin=Kali,codename=${distro_codename}";

Reference

os/debian/unattendedupgrades.1759494097.txt.gz · Last modified: by warnaud