Automating Security Updates on Ubuntu Servers

Most of the time our Ubuntu servers don’t have a GUI. How do you enable automated updates?

It’s pretty easy.

How To Do It

1. Install the package ‘unattended-upgrades’ – e.g.

aptitude install unattended-upgrades

2. Configure 50unattended-upgrades by opening the configuration file – e.g.

vi /etc/apt/apt.conf.d/50unattended-upgrades

Uncomment the *-security and *-updates lines in the Allowed-Origins section (should be the 3rd or 4th lines in the file) – e.g.

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

3. Configure 10periodic by opening the configuration file – e.g.

vi /etc/apt/apt.conf.d/10periodic

Set ‘APT::Periodic::Download-Upgradeable-Packages’ to ‘1’ (true), and add the following line at the end of the file:

APT::Periodic::Unattended-Upgrade "1";

If things are not working as expected, the logs can be found in /var/log/unattended-upgrades.
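
To confirm that steps 2 and 3 took effect, this added example (not from the original post) audits an apt.conf.d directory for the settings above. The function names and the sample files it writes to a temporary directory are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit the settings from steps 2 and 3 in an apt.conf.d directory.
# Function names and the sample files are constructed for illustration.

# setting_enabled FILE KEY: true if KEY is "1" on an uncommented line.
setting_enabled() {
    grep -Eq "^[[:space:]]*$2[[:space:]]+\"1\";" "$1" 2>/dev/null
}

# origin_enabled FILE SUFFIX: true if the "...-SUFFIX" pair is uncommented
# inside the Unattended-Upgrade::Allowed-Origins { ... }; block.
origin_enabled() {
    sed -n '/^Unattended-Upgrade::Allowed-Origins/,/^};/p' "$1" 2>/dev/null |
        grep -Eq "^[[:space:]]*\"[^\"]*-$2\";"
}

# audit_dir DIR: print one line per check, return the number of failures.
audit_dir() {
    fails=0
    check() { if "$@"; then echo "ok:   $*"; else echo "FAIL: $*"; fails=$((fails + 1)); fi; }
    check setting_enabled "$1/10periodic" 'APT::Periodic::Download-Upgradeable-Packages'
    check setting_enabled "$1/10periodic" 'APT::Periodic::Unattended-Upgrade'
    check origin_enabled "$1/50unattended-upgrades" security
    check origin_enabled "$1/50unattended-upgrades" updates
    return "$fails"
}

# make_sample DIR UU_VALUE: write constructed config files for a demo run.
make_sample() {
    mkdir -p "$1"
    cat > "$1/10periodic" <<EOF
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
// APT::Periodic::AutocleanInterval "0";
APT::Periodic::Unattended-Upgrade "$2";
EOF
    cat > "$1/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}-security";
//  "${distro_id}:${distro_codename}-updates";
};
EOF
}

demo=$(mktemp -d)
make_sample "$demo" 1
audit_dir "$demo" || echo "$? check(s) failed"
rm -rf "$demo"
```

On a live host, call `audit_dir /etc/apt/apt.conf.d` instead of the demo lines. apt merges every file in that directory, so `apt-config dump APT::Periodic` shows the values it actually uses.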

FAQ

When will it apply updates?

Whenever cron.daily runs (see /etc/crontab). Usually about 6:30AM system time.

Do you want to get notified when things are updated?

In the 50unattended-upgrades file uncomment the following line:

Unattended-Upgrade::Mail "root@localhost";

Do you want to only get notified when there is an error?

In the 50unattended-upgrades file uncomment the following line:

Unattended-Upgrade::MailOnlyOnError "true";

What about updates that require rebooting?

Some updates, like kernel updates, require rebooting. These are disabled by default. If you have email notifications on you’ll see them there. There is also an automatic reboot option in 50unattended-upgrades – commented out by default for obvious reasons – that you can explore using.

Isn’t It Risky to Automate Updates?

It is up to you to decide whether automatic updates are acceptable in your situation. I find that I have a mixture of hosts: some where automated updates are a definite no-no and others where the modest risk introduced by allowing automated security updates is far preferable to waiting for manual patching.

In general, I use this a lot with standalone hosts that do special purpose things behind the scenes, but rarely with production web applications.

The Technologist’s Powerful Position

Anyone in modern IT is in a powerful position: Every single day they are just one idea away from their next $100,000 in business value creation.

Every single day …one idea away!

Every business, at all times, has room for improvement in areas like efficiency, customer retention, competitive positioning, marketing, follow-up and outreach, and sales (just to name a few).

There are a million places that IT impacts the modern organization. Think behind the scenes – e.g. work flows, business processes, and risk management – as well as where customers interact with the business – e.g. web site/application responsiveness, information accessibility, front-line staff interactions (i.e. tools they rely on).

Technologists that focus on the business first are better positioned to help in these areas. These are all areas where money is either being spent unnecessarily (directly or indirectly), where money is being lost (lost sales or lower than necessary retention), or competitive positioning is being weakened (hurting growth and profitability).

Sometimes technology is the obstacle. Other times it is the solution. Recognizing these situations then applying your expertise to come up with possible solutions is the key to coming up with your next $100,000 idea.

Here are some areas to look first:

  1. Where existing technology is creating hurdles, friction, or pain
  2. Where new technology could reduce friction, errors, or delays, such as within repetitive work flows and business processes
  3. Where customers are looking for something, but aren’t getting it (either at all or fast enough)
  4. Where an existing technical solution – e.g. service provider, software platform – isn’t optimal, is overkill, or is overlapping with another solution (and thus probably costing more money than necessary)

If you focus primarily on maintenance[1], you aren’t coming up with ideas, and you don’t create any new value. If you are coming up with ideas but are not — critically — finding a way to try them out, you aren’t creating any value either. With a bit of pragmatism and a precision application of technology, this can be changed.

Don’t overlook even seemingly small refinements. Remember that businesses often do the same things over and over again. Often complacency sets in and a particular level of performance is accepted, even if it’s far from optimal. A small improvement in a work flow that saves a few bucks a day annualized then amortized over several years adds up fast (and every idea doesn’t have to be anywhere near $100,000 to be worthwhile to implement …or even just trial).

Apply this mindset and you’ll become more valuable yourself and – every once in a while – you might even run across a million dollar idea. Good for you. (It’s not as rare as you might think.)


  1. or, worse, firefighting and looking like the hero 

This is a great video. I don’t know about you, but amid all the work and distractions, I need a reminder every once in a while about what is truly important. This short video is a nice little proverbial smack upside the head that does just that.

Look Up – A spoken word film for an online generation.

‘Look Up’ is a lesson taught to us through a love story, in a world where we continue to find ways to make it easier for us to connect with one another, but always results in us spending more time alone.

Written, Performed & Directed by Gary Turk.

Transcript also available.

BuiltWith’s Web and Internet Technology Usage Trends

This is a neat way to see what else is out there and what different folks are using in terms of Internet software and services (e.g. how many of the top 10k web sites use Amazon Web Services versus other providers?).

There is a sizable list of categories to look at. It is updated regularly and can be looked at in terms of the top 10k sites, top 100k sites, top million sites, or the entire Internet.

5 Common Server Setups For Your Web Application

DigitalOcean Community

A nice introductory piece for folks trying to wrap their heads around some of the typical architectures used to host modern web applications.

Understanding the moving parts behind the scenes can not only help you determine what you need, but also properly evaluate options such as rolling-your-own versus purchasing ready-made options. For example, some providers provide building blocks for some of these pieces (which can save you time and leverage engineering knowledge from thousands of other installations) – e.g. Amazon’s Elastic Load Balancing (ELB) or Linode’s NodeBalancers, in lieu of rolling your own load balancing layer.

You can also avoid a lot of this if your application can run on a Platform-as-a-Service offering, but that’ll have to wait for a later discussion (and you’ll still benefit from understanding the conceptual underpinnings in any case).

We are abstracting on the shoulders of giants

Scott Hanselman's Blog

My new startup has data centers on three continents, utilizes global load-balancing, traverses networks with ease, has both an iPhone and Windows application, was written in a simple high level language, and enables an amazing scenario to help people get more done, faster.

But the real story – the real mindblower for me – was not the hours and hours of software that my partner and I wrote, it’s the years and years of software that we didn’t write.

Scott Hanselman shares a bit of his excitement and describes the deep and broad software / service stack that his new application is built on.

OpenDNS Eliminates Ads

The OpenDNS Blog
May 29, 2014

David Ulevitch writes:

We’ve always tried to put user experience first, even when that gets in the way of making more money. Browsers have changed, we’ve become a security company, and we’ve shifted our business to rely on paying security customers, so we’re turning off the ads in our free DNS service to make that service even better.

This is good news. I’ve been a fan of OpenDNS use by families, in schools/non-profits, public places such as coffeehouses, and in businesses. These are all places where it is often desirable to have a bit more control over what folks are using the Internet for while on-site. (If you’re not familiar with OpenDNS, they provide a very simple way to filter Internet access, without requiring new hardware or new software, both for content restricting – i.e. adult web sites – or security purposes.)

Uncommon Sense – Advice for entrepreneurs from Derek Sivers.

Lessons learned from starting, building, and selling CD Baby. A 47-minute talk in 8 parts of about 6 minutes apiece or so.

The thing I like about Derek is that he’s such a nice guy who clearly wants to help people (I’ve never met him in person but being a reader of his blog and a follower of his online, it’s obvious). And when he sold CD Baby — for a hefty sum — he donated the proceeds. (Not that there would have been anything wrong with keeping what he rightfully earned.) In this short video series, he shares some nice nuggets from his journey. I enjoyed it. Perhaps you will too.