Profile photo of Travis Horn Travis Horn

Streamline Your Linux Experience with Automatic Updates

2023-08-16
Streamline Your Linux Experience with Automatic Updates

Staying up-to-date with software updates and security patches is important for a secure computing experience. However, manually keeping track of updates and performing system reboots can be time-consuming and prone to oversight. Enter UnattendedUpgrades, a powerful utility for Debian that automates the update process, keeping your system current. In this guide, we will walk through the installation and customization of UnattendedUpgrades on Debian Linux, exploring features like modifying update schedules and scheduling reboots.

Installation

Install unattended-upgrades.

sudo apt install -y unattended-upgrades

Activate it.

sudo dpkg-reconfigure -plow unattended-upgrades

By default, the system will check for and download upgrades twice a day:

  • A random time in a 12 hour window starting at 6 AM

  • A random time in a 12 hour window starting at 6 PM

It will then apply the upgrades once per day in a random time in a 60 minute window starting at 6 AM.

Modify the Schedule

You can override the default schedule when upgrades are downloaded.

sudo systemctl edit apt-daily.timer

And editor will open. In the top section, enter the following.

[Timer]
OnCalendar=
OnCalendar=01:00

The above example sets the upgrades to download around 1 AM every day.

The line OnCalendar= (blank) is necessary because, without it, any additional OnCalendar lines simply add another time to the existing defaults. This line clears the defaults first.

Once the overrides are in place, restart the timer.

sudo systemctl restart apt-daily.timer

You can override the default schedule when upgrades are applied, as well.

sudo systemctl edit apt-daily-upgrade.timer

Follow the same procedure as when you edited the apt-daily.timer above: Write the timer configuration lines and restart the timer.

Scheduled Reboots

Some upgrades require rebooting the system. One strategy is to set a specific day of the month to check and perform a reboot if required.

Create the script to check and reboot if required at /usr/local/bin/reboot_if_required.sh.

#!/bin/bash

if [ -f /var/run/reboot-required ]; then
  echo "Reboot required. Initiating reboot..."
  /sbin/shutdown -r now
else
  echo "No reboot required."
fi

Make the script executable.

sudo chmod +x reboot_if_required.sh

Create a systemd service for the script at /etc/systemd/system/unattended_reboot.service.

[Unit]
Description=Reboot (if required)

[Service]
Type=oneshot
ExecStart=/usr/local/bin/reboot_if_required.sh

[Install]
WantedBy=default.target

Create a matching timer for the service at /etc/systemd/system/unattended_reboot.timer.

[Unit]
Description=Reboot (if required) once per month on the 15th at 11 PM

[Timer]
OnCalendar=*-15 23:00:00
Persistent=true

[Install]
WantedBy=timers.target

Enable the timer.

sudo systemctl enable unattended_reboot.timer

Start the timer.

sudo systemctl start unattended_reboot.timer

Rebooting Immediately After Upgrades

You could take a more aggressive rebooting strategy instead. You can set the system to automatically reboot after UnattendedUpgrades detects that one is pending.

Edit /etc/apt/apt.conf.d/50unattended-upgrades. Uncomment this line:

//Unattended-Upgrade::Automatic-Reboot "false";

And change false to true.

Unattended-Upgrade::Automatic-Reboot "true";

Manual Rebooting

If you don’t use either of the two automatic options above, you can manually reboot when it works for you. You can check if a reboot is pending by checking for the presence of /var/run/reboot-required.

ls /var/run/reboot-required

If the file exists, consider rebooting at some point.

sudo shutdown -r now

Your server is now set up to apply automatic updates.

UnattendedUpgrades on Debian Linux is a game-changer when it comes to automating the update process and enhancing the overall stability and security of your system. By following the steps outlined in this article, you’ve learned how to install and activate UnattendedUpgrades, customize the update schedule to fit your needs, schedule reboots for minimal disruption, immediately reboot after upgrades, and manually reboot when necessary. Automation frees up your time, reduces the risk of missing critical updates, and ensures your Debian Linux system remains resilient and up-to-date. With this setup, you always know that your system is fortified against emerging vulnerabilities.

Cover photo by Mohamed Nohassi on Unsplash.

Here are some more articles you might like:

Firewall Configuration with nftables
Firewalls are an essential part of network security, and [nftables](https://www.nftables.org/projects/nftables/index.html) is a powerful tool for conf…
Rolling Your Own Continuous Deployment with Node.js, Git, PM2, and Linux
Continuous deployment involves frequently integrating code changes into a shared repository. This allows for your production app to be updated with th…
Serving Next.js Apps on your Linux Server
In this tutorial, we will explore the process of serving Next.js apps on a Linux server. Next.js is a powerful framework for building server-side rend…