Thursday, October 25, 2012

Automate security patching in Ubuntu

Important: This worked for Ubuntu 10.10. Here is a POB recipe you can use with Remoto-IT to deploy cron-apt in your servers correctly configured to get security updates automatically installed.

While you need to be careful with automated updates and especially upgrades in Ubuntu, security updates should be performed ASAP and they are *most of the time* safe.

If you want to get notifications only when a security upgrade is performed (recommended) then use:
common/debian/cron-apt-security-update-reinstall.sh nurquiza@sample.com upgrade

Test the installation

You can force the process to run right away while changing the cron expression in /etc/cron.d/cron-apt, then inspect the log file in /var/log/cron-apt/log. You should get something like:
CRON-APT RUN [/etc/cron-apt/config]: Mon Oct 2 04:00:01 EDT 2012
CRON-APT SLEEP: 3322, Mon Oct 2 04:55:23 EDT 2012
CRON-APT ACTION: 0-update
CRON-APT LINE: /usr/bin/apt-get update -o quiet=2
CRON-APT ACTION: 3-download
CRON-APT LINE: /usr/bin/apt-get autoclean -y
Reading package lists...
Building dependency tree...
Reading state information...
CRON-APT LINE: /usr/bin/apt-get upgrade -u -y -o APT::Get::Show-Upgraded=true
Reading package lists...
Building dependency tree...
Reading state information...
The following packages have been kept back:
  linux-headers-server linux-image-server linux-server
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.

No comments:

Followers