From e374efb9ec658f0444323e43d89d9164c4436b6e Mon Sep 17 00:00:00 2001 From: allan Date: Fri, 19 Dec 2025 15:08:43 +0100 Subject: [PATCH] latest commit --- LICENSE | 21 +++++++ README.md | 144 +++++++++++++++++++++++++++++++++++++++++++++ auto-update-ubuntu | 95 ++++++++++++++++++++++++++++++ last-tested | 4 ++ 4 files changed, 264 insertions(+) create mode 100644 LICENSE create mode 100644 README.md create mode 100755 auto-update-ubuntu create mode 100644 last-tested diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..3eaaa81 --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2025 Allan Christensen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..235a5d1 --- /dev/null +++ b/README.md @@ -0,0 +1,144 @@ +# Unattended Updates for Ubuntu 24.04 Server +[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#) +[![Shell](https://img.shields.io/badge/shell-bash-121011)](#) +[![Feature](https://img.shields.io/badge/feature-unattended_updates-0078D7)](#) +[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE) + +Enable unattended updates on Ubuntu 24.04 server. + +This isn't a demo — it's a deployment. +Security updates happen weekly — automatically and quietly. + +## Why this installer exists +Servers fail when patches are forgotten. Automated updates remove that risk. + +## What this installer does +✔ Applies weekly security fixes +✔ Handles system package upgrades +✔ Runs without user sessions +✔ No interaction required + +## What this installer does *NOT* do +It won’t stop you from running the script without reading the documentation like there’s no tomorrow. +Skip the README, and whatever happens next is your headache, not a bug report. + +--- + +## 1. Prepare the system + +``` +sudo apt update -y +``` + +## 2. Download the installer + +``` +git clone https://git.x-files.dk/server/auto-update-ubuntu.git +``` + +``` +cd auto-update-ubuntu +``` + +## 3. Run the installer +``` +sudo ./auto-update-ubuntu +``` + +## Automatic Defaults + +| Setting | Enabled | +|---|---| +| Security & package upgrades | ✔ | +| Weekly unattended execution | ✔ Sundays @ 04:00 | +| Interactive prompts | ❌ None — unattended mode | + +--- + +## Cron Job Location (Important) + +This script does **not** create a user cron via `crontab -e`. + +Instead, it deploys a root‑level update scheduler here: + +``` +/etc/cron.d/updatesystem +``` + +Meaning: + +✔ runs as **root** +✔ independent of user accounts +✔ persistent across reboots +✔ zero interactive maintenance needed + +Modify schedule: + +``` +sudo nano /etc/cron.d/updatesystem +``` + +--- + +## Optional Features (toggle inside script) + +| Feature | Default | Enable by uncommenting | +|---|---|---| +| Auto-remove unused packages | ✘ | `Remove-Unused-Dependencies = true` | +| Auto-reboot if required | ✘ | `Automatic-Reboot = true` | +| Reboot even with logged-in users | ✘ | `Automatic-Reboot-WithUsers = true` | + +Reference inside script: + +``` +# sed -i '/Remove-Unused-Dependencies/ s/^\/\/\s*//' "$config2" +# sed -i '/Automatic-Reboot/ s/^\/\/\s*//' "$config2" +# sed -i '/Automatic-Reboot-WithUsers/ s/^\/\/\s*//' "$config2" +``` + +--- + +## Verify Status + +``` +systemctl status unattended-upgrades +journalctl -u unattended-upgrades -f +``` + +--- + +## Logs + +``` +/var/log/unattended-upgrades/ +/var/log/apt/history.log +``` + +Latest upgrade entries: + +``` +grep "Packages that were upgraded" /var/log/unattended-upgrades/unattended-upgrades.log +``` + +--- + +### Reboot Check + +``` +/var/run/reboot-required +``` + +Exists → reboot recommended (optional autoreboot available) + +--- + +### More Information + +More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk) + +--- + +### License +Licensed under the [MIT License](./LICENSE). + +--- diff --git a/auto-update-ubuntu b/auto-update-ubuntu new file mode 100755 index 0000000..acb75c5 --- /dev/null +++ b/auto-update-ubuntu @@ -0,0 +1,95 @@ +#!/usr/bin/env bash + +# Author : Allan Christensen +# First Created : 23-06-2022 (DD-MM-YYYY) +# Description : Configures unattended updates on Ubuntu 24.04 +# License : MIT License + +# +# Are we root +# +if [[ $(id -u) -ne 0 ]]; then printf "\nMust be root or use sudo!\n\n"; exit; fi + +# +# Define variables and functions +# +config1="/etc/apt/apt.conf.d/20auto-upgrades" +config1alt="/usr/share/unattended-upgrades/20auto-upgrades" +config2="/etc/apt/apt.conf.d/50unattended-upgrades" +config2alt="/usr/share/unattended-upgrades/50unattended-upgrades" + +# +# Function to check if config exists, if not, copy from alternative location +# +chkcfg () { if [ ! -f "$1" ]; then echo "Config missing: $1 → copying from $2" ; cp -Rp "$2" "$1" ; fi; } + +# +# Install required packages +# +apt install -y unattended-upgrades update-notifier-common + +# +# Ensure configuration files exist +# +chkcfg "$config1" "$config1alt" +chkcfg "$config2" "$config2alt" + +# +# Back up configuration files +# +cp -Rp "$config1" /root/20auto-upgrades.orig +cp -Rp "$config2" /root/50unattended-upgrades.orig + +# +# Disable automatic updates (20auto-upgrades) +# +sed -i 's/^\(APT::Periodic::Unattended-Upgrade\s*"\)1"/\10"/' "$config1" + +# +# Enable package updates (50unattended-upgrades) +# +sed -i '/Unattended-Upgrade::Allowed-Origins/ s|//\s*"\${distro_id}:\${distro_codename}-updates"|"\${distro_id}:\${distro_codename}-updates"|' "$config2" + +# +# Uncomment the next 2 lines to enable automatic removal of unused packages equivalent to apt autoremove +# +# sed -i '/Unattended-Upgrade::Remove-Unused-Dependencies/ s/^\/\/\s*//' "$config2" +# sed -i 's/Remove-Unused-Dependencies "false"/Remove-Unused-Dependencies "true"/' "$config2" + +# +# Uncomment the next 2 lines to enable automatic reboot +# +# sed -i '/Unattended-Upgrade::Automatic-Reboot/ s/^\/\/\s*//' "$config2" +# sed -i 's/Automatic-Reboot "false"/Automatic-Reboot "true"/' "$config2" + +# +# Uncomment the line below to enable automatic reboot even if users are logged in +# +# sed -i '/Unattended-Upgrade::Automatic-Reboot-WithUsers/ s/^\/\/\s*//' "$config2" + +# +# Create cron job to run every Sunday at 04:00 +# +cronjob01='0 4 * * 0 root /usr/bin/apt update && /usr/bin/unattended-upgrade -v >/dev/null 2>&1' +echo "$cronjob01" > /etc/cron.d/updatesystem +echo "" >> /etc/cron.d/updatesystem + +# +# Ensure correct permissions for /etc/cron.d entries +# +chmod 644 /etc/cron.d/updatesystem +chown root:root /etc/cron.d/updatesystem + +# +# Restart unattended upgrades and cron. +# +systemctl restart unattended-upgrades.service ; systemctl restart cron.service + +# +# All done +# +printf "\nAll Done...\n" + +# +# End of script +# diff --git a/last-tested b/last-tested new file mode 100644 index 0000000..02156f4 --- /dev/null +++ b/last-tested @@ -0,0 +1,4 @@ +------------------------------------ +Last tested: 19-12-2025 (DD-MM-YYYY) +Environment: Ubuntu Server 24.04 LTS +------------------------------------