I’ve been using Salt Stack to deploy configuration lately, I’ve set things up so that Debian unattended-upgrades is automatically installed on all systems to keep things patched. With some recent vulnerabilities I decided to check in on all the systems I oversee to make sure everything is running how I think it should be running.
I learned that Debian Jessie and Debian Wheezy “just work”.
apt-get install unattended-upgrades
Answer Yes to enable updates. Simple enough.
I learned that /var/log/unattended-upgrades/unattended-upgrades.log tells you everything you need to know about what has been installed and when.
I learned that some older Debian squeeze-lts systems were not automatically applying updates. This seems to be related to the configuration file for unattended-upgrades not really being aware that security updates come from squeeze-lts.
Long story short, I needed to add:
To the top of /etc/apt/apt.conf.d/50unattended-upgrades.
Then, I ran:
This performs an upgrade interactively so you can see it in action and verify that it is indeed doing what you want it to do.
I can now sleep a little easier.