How to Setup Unattended Upgrades on Debian Stretch

Watch out! This tutorial is over 6 years old. Please keep this in mind as some code snippets provided may no longer work or need modification to work on current systems.

Debian is a volunteer project that has developed and maintained a GNU/Linux operating system for well over a decade. Since its launch, the Debian project has grown to comprise more than 1,000 members with official developer status, alongside many more volunteers and contributors. Today, Debian encompasses over 50,000 packages of free, open source applications and documentation. The popular distribution Ubuntu builds on the Debian architecture and infrastructure and collaborates widely with Debian developers, but there are important differences. Ubuntu has a distinctive user interface, a separate developer community (though many developers participate in both projects) and a different release process.

If you decide to use a Debian server for your project (good idea – it’s secure, robust and fast), then you should always have the latest security patches and updates, whether you’re asleep or not. This is actually pretty easy to do. Here’s how.

First, make sure the system is fully up to date. Use the su command to switch to the root user, then run:

apt-get update && apt-get dist-upgrade

Run this command to install the “unattended-upgrades” package, along with apt-listchanges, which reports what changed in each upgrade:

apt-get install unattended-upgrades apt-listchanges

Once that is installed, edit the unattended-upgrades configuration:

nano /etc/apt/apt.conf.d/50unattended-upgrades

Empty the file, paste the following into it, then replace the items marked with ** ** with your own values. Remember to remove the asterisks as well.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Mail "**YOUR_EMAIL_HERE**";

// Automatically upgrade packages from these 
Unattended-Upgrade::Origins-Pattern {
      "o=Debian,a=stable";
      "o=Debian,a=stable-updates";
      "o=Debian,a=proposed-updates";
      "origin=Debian,codename=${distro_codename},label=Debian-Security";
};

// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {
//      "vim";
//      "libc6";
//      "libc6-dev";
//      "libc6-i686";

};

Unattended-Upgrade::MailOnlyOnError "true";
Unattended-Upgrade::Automatic-Reboot "false";

Note: You can set Automatic-Reboot to true if you want your server to reboot automatically whenever an upgrade requires it.

Install “apticron” to run the APT update checks automatically and mail you the results:

apt -y install apticron

Open /etc/apticron/apticron.conf and set the EMAIL variable to your email address, so you can receive the list of changes.

EMAIL="**me@example.com**"
DIFF_ONLY="1"
LISTCHANGES_PROFILE="apticron"
SYSTEM="**HOSTNAME.OF.SERVER**"
NOTIFY_HOLDS="0"
NOTIFY_NO_UPDATES="0"

Note: your server must be able to send outbound email, or none of these notifications will arrive.

Open /etc/apt/listchanges.conf to configure apt-listchanges to record the changes it has already shown in a database:

[apt]
frontend=pager
email_address=**me@example.com**
confirm=0
save_seen=/var/lib/apt/listchanges.db
which=news

To check that everything works, run unattended-upgrade manually in debug mode:

unattended-upgrade -d

Note: Ubuntu servers usually have all of this set up by default.