Security is of paramount importance in today’s digital landscape, and one of the most effective measures to safeguard oneself is by ensuring the continuous update of one’s system. A significant component of these updates comprises security patches. This blog post aims to provide a quick tip, specifically for individuals new to Linux, particularly those using Debian-based distributions such as Ubuntu. We will outline a straightforward method for setting up automatic system updates, ensuring that you never have to worry about the status of your system’s updates again.
Command Line
APT is the software utilized on Debian-based systems for installing software on your computer. To ensure your system is up to date, there are several commands you can employ. Please note that when using sudo, you will likely be prompted to enter the root password on your system, so ensure you have it readily available.
The first command is update. By executing this command, the package lists are downloaded from the repositories and updated, providing information on the latest versions of packages and their dependencies. It is important to understand that this command solely updates the package lists and does not install or upgrade any packages. To actually update your system, you need to execute the following command, which we will discuss next.
sudo apt updateThe next command is upgrade. By using this command, you can effectively upgrade the packages installed on your system. However, it is crucial to understand that you should always execute the update command before running the upgrade command. Failing to do so may result in the inability to upgrade the packages on your system to their most recent versions. Therefore, it is recommended to run the update command first, followed by the upgrade command to ensure that your packages are upgraded to their latest versions.
sudo apt upgradeThe third command, autoremove, is optional but highly recommended to run after executing the update and upgrade commands. This command serves to clean up your system after the update process. Occasionally, there may be packages left on your system that are no longer required. By using the autoremove command, you ensure that these unnecessary packages are removed, preventing them from occupying storage space unnecessarily. Running the autoremove command is a good practice to maintain a streamlined and efficient system after performing updates.
sudo apt autoremoveAutomation
Now, let’s discuss how you can automate the process to avoid typing in three commands every time you want to ensure your system is updated. Firstly, it’s worth noting that when you execute the latter two commands mentioned above, you are usually prompted to confirm whether you want to apply the updates if there are any available. This can become tedious over time. Fortunately, apt provides a parameter that allows you to automatically answer “yes” to the prompt. Simply add “-y” to your command, and it will update without requiring manual confirmation.
Secondly, you can chain these commands together using the “&&” operator on the command line. This enables you to execute a single sequential command, and all three commands will run in sequence. Here’s an example:
sudo apt update && sudo apt upgrade -y && sudo apt autoremove -yinally, to fully automate your system updates, you can set up a Cron job on your system that runs at the desired frequency, ensuring that your system is always up to date. Follow the steps below to set up the Cron job:
1. Open the crontab editor by running the following command:
sudo crontab -e2. Add the job to the crontab configuration, following the example below. This example sets up the job to run at midnight every day. If you prefer a different time or frequency, you can utilize the website crontab.guru to determine the appropriate configuration.
Note that in this specific cron configuration, the “sudo” has been removed from the command. This is because it is executed within the “sudo” cron, meaning that everything within it is already run with “sudo” privileges. Additionally, if you have never opened the crontab editor before, you may be prompted to select your preferred editor for editing cron jobs. In this example, the vi editor is used, but feel free to choose the editor you are comfortable with. Once you have updated and saved the configuration, it should take effect immediately.
# Edit this file to introduce tasks to be run by cron.
#
# Each task to run has to be defined through a single line
# indicating with different fields when the task will be run
# and what command to run for the task
#
# To define the time you can provide concrete values for
# minute (m), hour (h), day of month (dom), month (mon),
# and day of week (dow) or use '*' in these fields (for 'any').#
# Notice that tasks will be started based on the cron's system
# daemon's notion of time and timezones.
#
# Output of the crontab jobs (including errors) is sent through
# email to the user the crontab file belongs to (unless redirected).
#
# For example, you can run a backup of all your user accounts
# at 5 a.m every week with:
# 0 5 * * 1 tar -zcf /var/backups/home.tgz /home/
#
# For more information see the manual pages of crontab(5) and cron(8)
#
# m h dom mon dow command
0 0 * * * apt update && apt upgrade -y && apt autoremove -y3. Confirm that the job has run. Once you have set up the cron job and believe that it has executed, it is advisable to check the logs to ensure that it has indeed run. By default, the cron job logs should be stored in the syslog file. You can use the following command to check the syslog file for the desired time when the job was expected to run:
grep CRON /var/log/syslogSep 19 00:00:01 ris CRON[3719]: (root) CMD (apt update && apt upgrade -y && apt autoremove -y)Conclusion
As demonstrated, setting up automatic updates on your Debian-based system is a relatively straightforward process. Given the significance of running the latest software package versions, especially for security purposes, I highly encourage you to implement some form of automatic updates on your Linux system if you haven’t done so already.
By following the steps outlined in this guide and configuring a Cron job, you can ensure that your system regularly updates itself at a time and frequency of your choice. This proactive approach will help keep your system up to date, enhancing its security and overall performance.
If you have any further questions or need additional assistance, feel free to ask.