Cloud VPS 3d ago 5 views 7 min read

How to configure automatic system updates on Debian 12

Configure unattended-upgrades and apt periodic tasks to keep your Debian Cloud VPS patched automatically without manual intervention.

R
Roy S
Updated 17h ago
Sponsored

Cloud VPS — scale in minutes

Instantly deploy SSD cloud VPS with guaranteed resources, snapshots and per-hour billing. Pay only for what you use.

Configure the unattended-upgrades package and the apt periodic system to automatically install security patches and kernel updates on your Debian Cloud VPS. These steps target Debian 12 (Bookworm) and rely on the standard package management tools included in the base system.

Prerequisites

  • A Debian 12 (Bookworm) server with root or sudo privileges.
  • Network connectivity to the Debian package repositories.
  • At least 100 MB of free disk space for update packages.

Step 1: Install the unattended-upgrades package

Install the unattended-upgrades tool, which manages automatic security updates. This package handles the logic of checking for updates and installing them without user interaction.

apt update
apt install -y unattended-upgrades

After the installation completes, you will see a message indicating that the service is enabled. The system will now be ready to accept configuration changes for the update schedule.

Step 2: Configure the update frequency and packages

Edit the main configuration file to define which packages get updated automatically. You will set the frequency to daily and include security updates for the main repository while excluding non-security packages like kernel headers if desired.

nano /etc/apt/apt.conf.d/50unattended-upgrades

Locate the section labeled "Unattended-Upgrade::" and modify the "Origins" line. Change the origin string to match your specific Debian release, which is bookworm-security for security patches. Ensure the "Package-Types" line includes "D" for distribution upgrades if you want to upgrade the OS itself, or keep it restricted to security updates only.

Origins:: "${distro_id} ${distro_codename}-security";
Package-Types: "${distro_id} ${distro_codename}-security";

Save the file and exit the editor. The system will now only pull updates from the security repository by default, which is the recommended practice for production Cloud VPS environments.

Step 3: Configure the unattended-upgrades daemon

Configure the daemon to run daily and handle the actual upgrade process. Open the daemon configuration file to ensure the timing matches your maintenance window or to set it to run immediately.

nano /etc/unattended-upgrades/unattended-upgrades.conf

Ensure the "AutomaticRemove" option is set to "true" to automatically remove obsolete packages after a successful upgrade. This keeps your system clean and reduces disk usage over time.

AutomaticRemove: "true";
AutomaticRemoveInterval: "1";

Set the "Unattended-Upgrade::Automatic-Reboot" option to "false" initially to prevent unexpected reboots. You can enable this later if you want the system to restart automatically after a kernel update.

Unattended-Upgrade::Automatic-Reboot: "false";

Save the file and exit. The daemon is now configured to run daily and clean up old packages without rebooting unless explicitly told to.

Step 4: Set up the apt periodic cron jobs

Configure the apt periodic system to run daily checks for new packages. This ensures that the system is always looking for updates even if the unattended-upgrades service encounters a temporary network issue.

apt install -y apt-transport-https ca-certificates gnupg

Run the following command to generate the default periodic tasks configuration file. This script sets up a cron job that runs every day at 03:00 AM to check for and install updates.

apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -y apt-transport-https ca-certificates gnupg
apt install -
Sponsored

Linux Dedicated Server

Rock-solid Linux dedicated servers with root access, KVM-IPMI and fully managed options. CentOS, Ubuntu, Debian, Rocky and AlmaLinux.
Tags: securityautomationcronDebian
0
Was this helpful?

Related tutorials

Cloud VPS
How to create a private subnet in AWS VPC for your Cloud VPS

Learn to configure a private subnet in Amazon VPC to host your Linux servers securely. This guide covers VPC c…

14
Cloud VPS
How to configure a load balancer in Nginx for your web servers

Set up upstream groups and stream definitions to distribute traffic across multiple backend web servers using…

9
Cloud VPS
How to configure a private subnet in AWS VPC

Create a VPC, add a private subnet, and attach an internet gateway for public access while keeping internal re…

9

Comments 0

Login to leave a comment.

No comments yet — be the first to share your thoughts.