Travis Horn

Streamline Your Linux Experience with Automatic Updates

Streamline Your Linux Experience with Automatic Updates

Travis Horn's photo
Travis Horn
·

3 min read

In the dynamic world of Linux, staying up-to-date with software updates and security patches is paramount for a smooth and secure computing experience. However, manually keeping track of updates and performing system reboots can be time-consuming and prone to oversight. Enter UnattendedUpgrades, a powerful utility for Debian-based Linux systems that automates the update process, ensuring your system remains current and resilient against emerging vulnerabilities. In this comprehensive guide, we will delve into the installation, activation, and customization of UnattendedUpgrades on Debian Linux, exploring features like modifying update schedules, scheduling reboots, immediate post-upgrade reboots, and manual rebooting. Let's harness the power of automation to simplify your Linux journey and keep your system running seamlessly.

Installation

Install unattended-upgrades.

sudo apt install -y unattended-upgrades

Activate it.

sudo dpkg-reconfigure -plow unattended-upgrades

By default, the system will check for and download upgrades twice a day:

  • A random time in a 12 hour window starting at 6 AM

  • A random time in a 12 hour window starting at 6 PM

It will then apply the upgrades once per day in a random time in a 60 minute window starting at 6 AM.

Modify the Schedule

You can override the default schedule when upgrades are applied.

sudo systemctl edit apt-daily-upgrade.timer

An editor will open. In the top section, enter the following.

[Timer]
OnCalendar=
OnCalendar=01:00
RandomizedDelaySec=0

The above example sets the upgrades to apply precisely at 1 AM every day.

The line OnCalendar= is necessary because, without it, any additional OnCalendar lines simply add another time to the existing defaults. This line clears the defaults first.

Once the overrides are in place, restart the timer.

sudo systemctl restart apt-daily-upgrade.timer

Scheduled Reboots

Some upgrades require rebooting the system. One strategy is to set a specific day of the month to check and perform a reboot if required.

Create the script to check and reboot if required at /usr/local/bin/reboot_if_required.sh.

#!/bin/bash

if [ -f /var/run/reboot-required ]; then
  echo "Reboot required. Initiating reboot..."
  /sbin/shutdown -r now
else
  echo "No reboot required."
fi

Make the script executable.

sudo chmod +x reboot_if_required.sh

Create a systemd service for the script at /etc/systemd/system/unattended_reboot.service.

[Unit]
Description=Reboot (if required)

[Service]
Type=oneshot
ExecStart=/usr/local/bin/reboot_if_required.sh

[Install]
WantedBy=default.target

Create a matching timer for the service at /etc/systemd/system/unattended_reboot.timer.

[Unit]
Description=Reboot (if required) once per month on the 15th at 11 PM

[Timer]
OnCalendar=*-15 23:00:00
Persistent=true

[Install]
WantedBy=timers.target

Enable the timer.

sudo systemctl enable unattended_reboot.timer

Start the timer.

sudo systemctl start unattended_reboot.timer

Rebooting Immediately After Upgrades

You could take a more aggressive rebooting strategy instead. You can set the system to automatically reboot after UnattendedUpgrades detects that one is pending.

Edit /etc/apt/apt.conf.d/50unattended-upgrades. Uncomment this line:

//Unattended-Upgrade::Automatic-Reboot "false";

And change false to true.

Unattended-Upgrade::Automatic-Reboot "true";

Manual Rebooting

If you don't use either of the two automatic options above, you can manually reboot when it works for you. You can check if a reboot is pending by checking for the presence of /var/run/reboot-required.

ls /var/run/reboot-required

If the file exists, consider rebooting at some point.

sudo shutdown -r now

Your server is now set up to apply automatic updates.

UnattendedUpgrades on Debian Linux is a game-changer when it comes to automating the update process and enhancing the overall stability and security of your system. By following the steps outlined in this article, you've learned how to install and activate UnattendedUpgrades, customize the update schedule to fit your needs, schedule reboots for minimal disruption, immediately reboot after upgrades, and manually reboot when necessary. Embracing automation frees up your time, reduces the risk of missing critical updates, and ensures your Debian Linux system remains resilient and up-to-date. With UnattendedUpgrades, you can confidently navigate the Linux landscape, knowing that your system is fortified against emerging vulnerabilities while enjoying a seamless and hassle-free computing experience.

Cover photo by Mohamed Nohassi on Unsplash.

LinuxdebianautomationSecurityunattendedupgrades