Debian Unattended upgrades

Written by Stefan on Tue 06 April 2021. Posted in Blog. Tags: #linux  #debian  #security 

Nearly all of my Virtual machines are running with Debian Linux and to provide them automatically with the latest security fixes, I am using Debian’s Unattended Upgrades. To install unattended-upgrades, I am using the following command line:

    apt-get install unattended-upgrades

By default, only Security-related packages are upgraded which is for my use-case okay. In the configuration file /etc/apt/apt.conf.d/50unattended-upgrades I am adjusting some settings.

For example I want to have an Email notification for upgrades or problems or a Logging to my syslog server. To accomplish this, I am changing some limes in this configuration file like shown below:

    // email
    Unattended-Upgrade::Mail "email@example.com";
    Unattended-Upgrade::MailReport "on-change";

    // cleanup
    Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
    Unattended-Upgrade::Remove-New-Unused-Dependencies "true";
    Unattended-Upgrade::Remove-Unused-Dependencies "false";

    // bandwidth limitation
    Acquire::http::Dl-Limit "500";

    // syslog
    Unattended-Upgrade::SyslogEnable "true";
    Unattended-Upgrade::SyslogFacility "daemon";

Afterwards I am running the command dpkg-reconfigure -plow unattended-upgrades to ensure the automatic upgrades are activated.