How to configure Ubuntu Server to receive security updates automatically


Ubuntu Server is the version or 'flavor' of Ubuntu dedicated to server use, so administrators will most likely end up accessing it remotely via SSH to perform configuration tasks and apply updates. This can be a lot of work, but luckily in Linux there is always a way to do things faster and more efficiently, and that is what we are going to show in this post.

The idea is to configure Ubuntu Server to install security updates automatically. Although we still have to take care of other updates (for example, those of services or apps that we have installed), a good part of the work will be automated, and the time savings and peace of mind that this brings are significant.

The good thing about all this is that the system is extremely configurable: we can modify it whenever we want to stop updating automatically, or to change the repositories from which we update. To get started, we need to install the package unattended-upgrades, which we do as follows:

# apt-get install unattended-upgrades

This installs a configuration file at /etc/apt/apt.conf.d/50unattended-upgrades, which lets us configure the repositories from which we will receive updates, as well as the packages that we want to mark as not to be updated (blacklist). This gives us the flexibility to exclude certain apps or services from the automatic update scheme.

Now, what we must do is open said file with our favorite editor, to modify it and make it ready:

# nano /etc/apt/apt.conf.d/50unattended-upgrades

What we have to do is leave the section Allowed Origins as we see below:

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

To also enable the updates, proposed or backports repositories, we just remove the comment mark (//) from the corresponding line and save the file. Once we have decided on this, we go to the Package-Blacklist section, which is just below, and add the packages that we do NOT want to update, so that in the end it looks similar to this:

// List of packages to not update
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};

The last thing left is to enable automatic updates on Ubuntu Server, for which we open the file /etc/apt/apt.conf.d/10periodic for editing:

# nano /etc/apt/apt.conf.d/10periodic

We change the 0 to 1 to activate automatic updates, and the opposite to deactivate them, so that our file looks similar to this:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";
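
A way to check the result of the steps above, as an added example that is not part of the original post: the shell functions below read the two edited files and report whether the -security origin is active and the periodic run is switched on. The function names are hypothetical, and the file paths are passed as arguments so the check can also be run against copies.

```shell
#!/bin/sh
# Added example: audits the two files edited in this article.
# Function names are hypothetical; file paths are passed in as arguments.

# Print the active (uncommented) Unattended-Upgrade::Allowed-Origins entries.
active_origins() {   # $1 = path to 50unattended-upgrades
    awk '
        /^[ \t]*\/\// { next }                      # skip commented lines
        /Unattended-Upgrade::Allowed-Origins/ { inblk = 1; next }
        inblk && /^[ \t]*[}]/ { inblk = 0 }         # closing "};" of the block
        inblk && match($0, /"[^"]+"/) {
            print substr($0, RSTART + 1, RLENGTH - 2)
        }
    ' "$1"
}

# Print the value of one APT::Periodic key (nothing if unset or commented).
periodic_value() {   # $1 = path to 10periodic, $2 = key, e.g. Unattended-Upgrade
    awk -v key="APT::Periodic::$2" '
        /^[ \t]*\/\// { next }
        $1 == key { gsub(/[";]/, "", $2); print $2 }
    ' "$1"
}

# Return 0 only if the -security origin is active and periodic runs are on.
audit_unattended() { # $1 = 50unattended-upgrades, $2 = 10periodic
    uu_conf=$1; periodic_conf=$2; status=0
    if ! active_origins "$uu_conf" | grep -q -- '-security$'; then
        echo "FAIL: -security origin not enabled in $uu_conf"; status=1
    fi
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(periodic_value "$periodic_conf" "$key")
        case $val in
            ''|0) echo "FAIL: APT::Periodic::$key is '${val:-unset}'"; status=1 ;;
        esac
    done
    # Flag origins beyond -security so the wider update scope is a conscious choice.
    active_origins "$uu_conf" | grep -E -- '-(updates|proposed|backports)$' |
        sed 's/^/NOTE: non-security origin enabled: /'
    return $status
}

# Usage on a host:
#   audit_unattended /etc/apt/apt.conf.d/50unattended-upgrades \
#                    /etc/apt/apt.conf.d/10periodic
```

On a live host, `unattended-upgrade --dry-run --debug` additionally shows which packages the current settings would select, without installing anything.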

That's all; as we can see, it is truly simple, and thanks to it we can securely maintain our Ubuntu Server installations, while being able to deactivate it very quickly if we wish at some point.

