Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Enable apt to do automated security updates #4

Merged
merged 1 commit into from Sep 15, 2018

Conversation

Projects
None yet
3 participants
@limed
Copy link
Collaborator

commented Sep 12, 2018

Sets up automated security package updates on the OS

@limed limed requested review from escattone and metadave Sep 12, 2018

@escattone
Copy link
Member

left a comment

@limed This is cool. Before this I had never heard of the unattended-upgrades apt package. This looks good to me based on the documents I read. We'll at least get daily updates of security-related changes.

I have one question though. With this configuration, I don't think we'll get reports when updates are made, correct? Is there a way to configure this in order to get an email when changes are made?

@limed

This comment has been minimized.

Copy link
Collaborator Author

commented Sep 12, 2018

I have one question though. With this configuration, I don't think we'll get reports when updates are made, correct? Is there a way to configure this in order to get an email when changes are made?

Yeah this is possible based on documentation here https://wiki.debian.org/UnattendedUpgrades

If you plan to use it, you should have some means to monitor your systems, such as installing the apt-listchanges package and configuring it to send you emails about updates

I think you can also configure unattended-upgrades to just send email too:

Unattended-Upgrade::Mail "me@example.com";

I do have a concern about this though, if we do this we will actually need to have a proper mail setup on the local machine which we can do but its just not setup currently :)

@metadave

This comment has been minimized.

Copy link
Member

commented Sep 12, 2018

will the instance be automatically rebooted (if required)?

@limed

This comment has been minimized.

Copy link
Collaborator Author

commented Sep 12, 2018

will the instance be automatically rebooted (if required)?

No it will not, I do believe there is a setting that allows that though but I've never gone that far when it comes to update. I realize that this probably doesn't fix kernel updates since they need reboots but I figure we can do that one manually :)

@limed limed merged commit e6398e2 into mdn:master Sep 15, 2018

@limed limed deleted the limed:unattended-upgrades branch Sep 15, 2018

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
You can’t perform that action at this time.