Automatic Security Updates
Keeping your system updated is the simplest and most effective security measure. Automatic security updates apply critical patches without manual intervention.
02
Debian / Ubuntu: unattended-upgrades
Installation
bash
apt install unattended-upgrades -y
Interactive Configuration
bash
dpkg-reconfigure --priority=low unattended-upgrades
Answer Yes to enable automatic updates.
Manual Configuration
bash
nano /etc/apt/apt.conf.d/50unattended-upgrades
Recommended configuration:
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
"${distro_id}ESMApps:${distro_codename}-apps-security";
"${distro_id}ESM:${distro_codename}-infra-security";
};
// Remove unused dependencies
Unattended-Upgrade::Remove-Unused-Dependencies "true";
// Auto-reboot if needed (e.g., kernel update)
// WARNING: server will reboot automatically!
Unattended-Upgrade::Automatic-Reboot "false";
// If you enable auto-reboot, set it during low-traffic hours
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
// Email notification (optional)
// Unattended-Upgrade::Mail "admin@example.com";
Enable the Timer
bash
nano /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
Verify It Works
bash
# Test without installing anything
unattended-upgrades --dry-run --debug
# Log of executed updates
cat /var/log/unattended-upgrades/unattended-upgrades.log
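The dry run shows what would be installed, but not whether the periodic job is enabled or whether an installed kernel fix is still waiting for a reboot. The script below is an added example, not part of the original guide, that audits the two files edited above and the `/var/run/reboot-required` flag. The function names and the ROOT parameter are assumptions made for illustration, and the origin check assumes the quoted-origin syntax shown in the recommended configuration.

```shell
#!/bin/sh
# Added example (not from the original guide): audit the apt.conf.d files above.
# ROOT is a hypothetical parameter so a copied or test tree can be checked.

# Print the value of an uncommented  Key "value";  line (last one wins).
apt_conf_value() {  # usage: apt_conf_value FILE KEY
    sed -n "s|^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1" 2>/dev/null | tail -n 1
}

audit_auto_updates() {  # usage: audit_auto_updates [ROOT]; returns the number of findings
    root="${1:-}"
    periodic="$root/etc/apt/apt.conf.d/20auto-upgrades"
    uu="$root/etc/apt/apt.conf.d/50unattended-upgrades"
    findings=0

    # Unset or "0" means the periodic job never refreshes lists or runs upgrades.
    for key in APT::Periodic::Update-Package-Lists APT::Periodic::Unattended-Upgrade; do
        val=$(apt_conf_value "$periodic" "$key")
        case "$val" in
            ""|0) echo "FAIL: $key is '${val:-unset}' in $periodic"
                  findings=$((findings + 1)) ;;
        esac
    done

    # At least one uncommented origin containing -security must be allowed.
    if ! grep -Eq '^[[:space:]]*"[^"]*-security' "$uu" 2>/dev/null; then
        echo "FAIL: no active -security origin in $uu"
        findings=$((findings + 1))
    fi

    # Patched kernels are installed but not running until the reboot happens.
    if [ -e "$root/var/run/reboot-required" ]; then
        reboot=$(apt_conf_value "$uu" "Unattended-Upgrade::Automatic-Reboot")
        if [ "$reboot" != "true" ]; then
            echo "WARN: reboot pending, Automatic-Reboot is '${reboot:-unset}'"
            findings=$((findings + 1))
        fi
    fi
    return "$findings"
}
```

Source the file and call `audit_auto_updates` with no argument to check the live system; the exit status is the number of findings.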
03
CentOS / AlmaLinux / Rocky Linux: dnf-automatic
Installation
bash
dnf install dnf-automatic -y
Configuration
bash
nano /etc/dnf/automatic.conf
ini
[commands]
# Download and install only security updates
upgrade_type = security
apply_updates = yes
[emitters]
# Message after updates
emit_via = stdio
# For email notifications (optional)
# emit_via = email
[email]
# email_from = root@localhost
# email_to = admin@example.com
Enable the Timer
bash
# Daily updates
systemctl enable --now dnf-automatic.timer
# Verify
systemctl status dnf-automatic.timer
systemctl list-timers | grep dnf
04
Manual Update (When You Want Control)
Even with automatic updates enabled, it's good practice to periodically do a full manual update:
bash
# Debian/Ubuntu
apt update && apt upgrade -y
# For kernel updates (requires reboot)
apt full-upgrade -y
reboot
# CentOS/AlmaLinux
dnf update -y
05
Check Available Updates Without Installing
bash
# Debian/Ubuntu
apt list --upgradable
# Security updates only
apt list --upgradable | grep -i security
# CentOS/AlmaLinux
dnf check-update
dnf updateinfo list security
