Unattended Upgrades?

I’ve been using Salt Stack to deploy configuration lately, I’ve set things up so that Debian unattended-upgrades is automatically installed on all systems to keep things patched. With some recent vulnerabilities I decided to check in on all the systems I oversee to make sure everything is running how I think it should be running.

I learned that Debian Jessie and Debian Wheezy “just work”.

apt-get install unattended-upgrades
dpkg-reconfigure unattended-upgrades

Answer Yes to enable updates. Simple enough.

I learned that /var/log/unattended-upgrades/unattended-upgrades.log tells you everything you need to know about what has been installed and when.

I learned that some older Debian squeeze-lts systems were not automatically applying updates. This seems to be related to the configuration file for unattended-upgrades not really being aware that security updates come from squeeze-lts.

Long story short, I needed to add:

${distro_id} “squeeze-lts”

To the top of /etc/apt/apt.conf.d/50unattended-upgrades.

Then, I ran:

unattended-upgrade -d

This performs an upgrade interactively so you can see it in action and verify that it is indeed doing what you want it to do.

I can now sleep a little easier.

Like what you read? Give Peter Osborne a round of applause.

From a quick cheer to a standing ovation, clap to show how much you enjoyed this story.