Cron-apt: Automatic Security Updates Installation
Introduction
My goal is to install security updates automatically. Obviously this kind of approach is not really recommended, but on a Debian stable system where only security updates are installed, we minimize the risks.
So I started looking for a tool to do this kind of thing and found cron-apt.
Installation
Simply:
aptitude install cron-apt
Configuration
Now that it’s installed, let’s create a file that will contain only the Debian security repositories:
grep security /etc/apt/sources.list > /etc/apt/security.sources.list
Then let’s edit the cron-apt configuration file to use aptitude, send update status emails, and specify that we only want security updates:
APTCOMMAND=/usr/bin/aptitude
OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list"
MAILTO="xxx@mycompany.com"
MAILON="always"
Then we just need to modify the default actions to perform. By default, it only downloads packages without installing them (because of the -d option on the dist-upgrade line). That’s why we are going to modify this file accordingly:
autoclean -y
dist-upgrade -y -o APT::Get::Show-Upgraded=true
Finally, if you want to change the update time, check this file and adapt it according to your needs:
#
# Regular cron jobs for the cron-apt package
#
# Every night at 4 o'clock.
0 4 * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt
# Every hour.
# 0 * * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2
# Every five minutes.
# */5 * * * * root test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2
Last updated 18 May 2014, 11:34 CEST.