How to Enable Automatic Updates on a Linux Server
We recommend you to keep your server services upgraded in order to secure the data stored on your server. Keeping the services up to date is a simple, easy task and it is required for the safety of your data. There are two ways to update the services on your server and they are as follows:
1) Update the services manually
2) Enable automatic updates
Updating the services manually is a time-consuming process and also an outdated process. Manually updating all services includes checking each service for update and update if new versions are released. If you need to update only a single service or a number of services, manual update is adequate. But for updating all services on the system, manual update is not recommended as it requires a great deal of time, which cannot be compromised, since it may last for hours. Please refer https://fedoraproject.org/wiki/AutoUpdates#Why_use_Automatic_updates.3F for more information regarding advantages and disadvantages of setting up automatic updates on your server.
Please note that enabling automatic updates on your server will be applied only to the services provided by the package repositories. The services compiled from source code will not be updated automatically.
I will guide you through the steps to enable automatic update on your server. Please note that you should have root level access to your server before proceeding with the configuring steps:
CentOS 7
Please follow the instructions below, if you are using CentOS 7 on your server:
1) Connect to your server as root via SSH. If you are a Windows user, you could use “putty” for accessing the shell. Please refer https://www.1onlyhost.net/tips/kb/using-putty-to-ssh-to-server/ for more information regarding making SSH connection via putty.
2) You need to install package yum-cron on your server which is responsible for the automatic service updates. Run the following command to install the yum-cron package using YUM package manager.
# yum install yum-cron -y
3) Configure yum-cron once it is installed on your server. Use your favorite text editor to edit the default configuration file /etc/yum/yum-cron.conf. Please note that the following options should be set up on the yum-cron configuration file.
update_cmd = default
apply_updates = yes
Once the above options are set up, save the yum-cron configuration file.
4)Restart the yum-cron service on your server to reflect the changes made in the configuration file.
# systemctl restart yum-cron
5) Run the following command to enable yum-cron service on system boot
# systemctl enable yum-cron
The automatic update is now enabled on your server.
Ubuntu 16.04
Please follow the instructions below, if you are using Ubuntu 16.04 on your server:
1) Connect to your server as root via SSH. If you are a Windows user, you could use “putty” for accessing the shell. Please refer https://www.1onlyhost.net/tips/kb/using-putty-to-ssh-to-server/ for more information regarding making SSH connection via putty.
2)You need to install package “unattended-upgrades” on your server which is responsible for the automatic service updates. Run the following command to install the unattended-upgrades package using apt package manager.
# apt-get install unattended-upgrades
3) Configure unattended-upgrades, once it is installed on your server. Use your favorite text editor to edit the default configuration file /etc/apt/apt.conf.d/50unattended-upgrades. Please note that the following options should be set up on the unattended-upgrades configuration file, also modifications can be made in these options to fit your needs.
Unattended-Upgrade::Allowed-Origins {
“Ubuntu xenial-security”;
// “Ubuntu xenial-updates”;
};
4) Certain services can be added to a blacklist in order to prevent them from automatic updates. These services should be added to the following list so that it gets blacklisted.
Unattended-Upgrade::Package-Blacklist {
“vim”;
“libc6”;
};
You can add more services to this list if you need to prevent these services from updating automatically.
5) You should edit the /etc/apt/apt.conf.d/10periodic file using a text editor to enable automatic updates on your server. Edit the file and adjust the configuration options so that it fits your needs.
APT::Periodic::Update-Package-Lists “1”;
APT::Periodic::Download-Upgradeable-Packages “1”;
APT::Periodic::AutocleanInterval “7”;
APT::Periodic::Unattended-Upgrade “1”;
The automatic updates are now enabled on your server. Please refer https://help.ubuntu.com/lts/serverguide/automatic-updates.html for more information regarding configurations and options.
If you need any further help, please do reach our support department.
