Security updates on Debian, automatically

09 Aug 2019

Any computer that connects to the internet should have security updates installed daily. Miss an important update because you’re on vacation and your server could be hacked before you return. The easiest way to keep a computer updated is to have the computer do it for you.

The Debian operating system has a package called unattended-upgrades that will check for software updates and install them daily. It’s easy to set up and requires no maintenance. It will even reboot the server if needed.

How to install it

Run the following command as root:

apt-get install unattended-upgrades apt-listchanges

How to set it up

The default settings are fine but if you need to customize them, edit the config file at /etc/apt/apt.conf.d/50unattended-upgrades.

You can review the updates by examining the log at /var/log/unattended-upgrades. Or the server can email you—read the official docs on how to set that up.

Will it break something?

The chances of an unpatched server being hacked are probably greater than an unattended update breaking something.