In the dynamic world of Linux, staying up-to-date with software updates and security patches is paramount for a smooth and secure computing experience. However, manually keeping track of updates and performing system reboots can be time-consuming and prone to oversight. Enter UnattendedUpgrades, a powerful utility for Debian-based Linux systems that automates the update process, ensuring your system remains current and resilient against emerging vulnerabilities. In this comprehensive guide, we will delve into the installation, activation, and customization of UnattendedUpgrades on Debian Linux, exploring features like modifying update schedules, scheduling reboots, immediate post-upgrade reboots, and manual rebooting. Let's harness the power of automation to simplify your Linux journey and keep your system running seamlessly.
Installation
Install unattended-upgrades
.
sudo apt install -y unattended-upgrades
Activate it.
sudo dpkg-reconfigure -plow unattended-upgrades
By default, the system will check for and download upgrades twice a day:
A random time in a 12 hour window starting at 6 AM
A random time in a 12 hour window starting at 6 PM
It will then apply the upgrades once per day in a random time in a 60 minute window starting at 6 AM.
Modify the Schedule
You can override the default schedule when upgrades are applied.
sudo systemctl edit apt-daily-upgrade.timer
An editor will open. In the top section, enter the following.
[Timer]
OnCalendar=
OnCalendar=01:00
RandomizedDelaySec=0
The above example sets the upgrades to apply precisely at 1 AM every day.
The line OnCalendar=
is necessary because, without it, any additional OnCalendar
lines simply add another time to the existing defaults. This line clears the defaults first.
Once the overrides are in place, restart the timer.
sudo systemctl restart apt-daily-upgrade.timer
Scheduled Reboots
Some upgrades require rebooting the system. One strategy is to set a specific day of the month to check and perform a reboot if required.
Create the script to check and reboot if required at /usr/local/bin/reboot_if_required.sh
.
#!/bin/bash
if [ -f /var/run/reboot-required ]; then
echo "Reboot required. Initiating reboot..."
/sbin/shutdown -r now
else
echo "No reboot required."
fi
Make the script executable.
sudo chmod +x reboot_if_required.sh
Create a systemd service for the script at /etc/systemd/system/unattended_reboot.service
.
[Unit]
Description=Reboot (if required)
[Service]
Type=oneshot
ExecStart=/usr/local/bin/reboot_if_required.sh
[Install]
WantedBy=default.target
Create a matching timer for the service at /etc/systemd/system/unattended_reboot.timer
.
[Unit]
Description=Reboot (if required) once per month on the 15th at 11 PM
[Timer]
OnCalendar=*-15 23:00:00
Persistent=true
[Install]
WantedBy=timers.target
Enable the timer.
sudo systemctl enable unattended_reboot.timer
Start the timer.
sudo systemctl start unattended_reboot.timer
Rebooting Immediately After Upgrades
You could take a more aggressive rebooting strategy instead. You can set the system to automatically reboot after UnattendedUpgrades detects that one is pending.
Edit /etc/apt/apt.conf.d/50unattended-upgrades
. Uncomment this line:
//Unattended-Upgrade::Automatic-Reboot "false";
And change false
to true
.
Unattended-Upgrade::Automatic-Reboot "true";
Manual Rebooting
If you don't use either of the two automatic options above, you can manually reboot when it works for you. You can check if a reboot is pending by checking for the presence of /var/run/reboot-required
.
ls /var/run/reboot-required
If the file exists, consider rebooting at some point.
sudo shutdown -r now
Your server is now set up to apply automatic updates.
UnattendedUpgrades on Debian Linux is a game-changer when it comes to automating the update process and enhancing the overall stability and security of your system. By following the steps outlined in this article, you've learned how to install and activate UnattendedUpgrades, customize the update schedule to fit your needs, schedule reboots for minimal disruption, immediately reboot after upgrades, and manually reboot when necessary. Embracing automation frees up your time, reduces the risk of missing critical updates, and ensures your Debian Linux system remains resilient and up-to-date. With UnattendedUpgrades, you can confidently navigate the Linux landscape, knowing that your system is fortified against emerging vulnerabilities while enjoying a seamless and hassle-free computing experience.
Cover photo by Mohamed Nohassi on Unsplash.