Cron-apt: Automatic Security Updates Installation

Introduction link

My goal is to install security updates automatically. Obviously this kind of approach is not really recommended, but on a Debian stable system where only security updates are installed, we minimize the risks.

So I started looking for a tool to do this kind of thing and found cron-apt.

Installation link

Simply:

  aptitude install cron-apt
  

Configuration link

Now that it’s installed, let’s create a file that will contain only the Debian security repositories:

  grep security /etc/apt/sources.list > /etc/apt/security.sources.list
  

Then let’s edit the cron-apt configuration file to use aptitude, send update status emails, and specify that we only want security updates:

  APTCOMMAND=/usr/bin/aptitude
OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list"
MAILTO="xxx@mycompany.com"
MAILON="always"
  

Then we just need to modify the default actions to perform. By default, it only downloads packages without installing them (because of the -d option on the dist-upgrade line). That’s why we are going to modify this file accordingly:

  autoclean -y
dist-upgrade -y -o APT::Get::Show-Upgraded=true
  

Finally, if you want to change the update time, check this file and adapt it according to your needs:

  #
# Regular cron jobs for the cron-apt package
#
# Every night at 4 o'clock.
0 4	* * *	root	test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt
# Every hour.
# 0 *	* * *	root	test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2
# Every five minutes.
# */5 *	* * *	root	test -x /usr/sbin/cron-apt && /usr/sbin/cron-apt /etc/cron-apt/config2