# Auto Update for Ubuntu 24.04 Server
[![OS](https://img.shields.io/badge/ubuntu-24.04-E95420)](#)
[![Shell](https://img.shields.io/badge/shell-bash-121011)](#)
[![Feature](https://img.shields.io/badge/feature-controlled_updates-0078D7)](#)
[![Cron](https://img.shields.io/badge/scheduler-cron-lightgrey)](#)
[![License](https://img.shields.io/badge/License-MIT-green)](./LICENSE)

Install unattended security and system updates on Ubuntu 24.04 server.

This is not a demo and not a quick experiment.  
This is a production-ready policy tool designed to enforce predictable update behaviour.

---

## Why this installer exists
Ubuntu includes unattended-upgrades, but configuration is often inconsistent, unclear, or left in default states that do not match operational policy.

This script provides a repeatable way to enforce a defined update policy, ensuring systems are patched regularly and reboot behaviour is predictable.

---

## What this installer does
✔ Configures unattended-upgrades using a clean, deterministic policy  
✔ Allows switching between four update modes  
✔ Ensures updates are enforced on a fixed weekly schedule  
✔ Disables Ubuntu’s automatic periodic upgrades to prevent unexpected reboots  
✔ Automatically rebuilds the unattended-upgrades configuration safely  
✔ Safe to re-run and switch modes at any time  
✔ Logs policy changes for auditing and troubleshooting  
✔ Uses vendor defaults as a base to preserve compatibility  

---

## What this installer does NOT do
It won’t stop you from running the script without reading the documentation like there’s no tomorrow.  
Skip the README, and whatever happens next is your headache, not a bug report.

---

## 1. Download the installer

```
git clone https://git.x-files.dk/server/auto-update-ubuntu.git
```

```
cd auto-update-ubuntu
```

---

## 2. Run the installer

```
sudo ./auto-update <mode>
```

Example:

```
sudo ./auto-update 2
```

---

## Available modes

The modes control two things:
- Which updates are installed
- Whether the system reboots automatically if required

The script is built with re-runs in mind.  
If you need to switch modes, simply run the script again with another mode.  
The current policy will be replaced automatically.

**Mode 1**  
Security + updates (full system updates, not security-only)  
Automatic reboot  
Reboot happens even if users are logged in  

**Mode 2**  
Security + updates (full system updates, not security-only)  
No automatic reboot  
Users are notified on next login if a reboot is required  

**Mode 3**  
Security updates only  
Automatic reboot  
Reboot happens even if users are logged in  

**Mode 4**  
Security updates only  
No automatic reboot  
Users are notified on next login if a reboot is required  

---

## How it works

The script rebuilds the unattended-upgrades configuration from Ubuntu’s vendor template each time a mode is applied.  
This ensures a clean and predictable configuration and avoids problems caused by manually edited or partially modified files.

If you manually edit `/etc/apt/apt.conf.d/50unattended-upgrades`, those changes will be overwritten, but only when you switch modes.

The script also enforces the file:

```
/etc/apt/apt.conf.d/20auto-upgrades
```

to disable Ubuntu’s automatic periodic upgrades.  
This prevents unattended-upgrades from running automatically in the background and ensures that update and reboot behaviour is controlled entirely by the scheduled cron job.

A cron job (`/etc/cron.d/auto-update`) is created to enforce updates every Friday at 03:00.  
This ensures that systems are updated regularly in a predictable maintenance window.

Ubuntu’s systemd timers are not removed, but because periodic upgrades are disabled, they do not install updates automatically.

---

## Cron behaviour

The cron job is created the first time a mode is applied and is scheduled to run every Friday at 03:00.

The cron file is created as:

```
/etc/cron.d/auto-update
```

You are free to change the schedule to any time you prefer, or even run it daily if required.  
The script does not modify or reset the cron job after it has been created.

Switching modes does not alter the existing cron schedule.

---

## Common questions

**Q:** Why am I not seeing updates appear automatically during the week?  
**A:** The script disables Ubuntu’s automatic periodic upgrade mechanism.  
Updates are installed only during the scheduled cron run unless you run `apt update` or install updates manually.

**Q:** Can I still install updates manually?  
**A:** Yes. Running `apt update` and `apt upgrade` manually will not conflict with the script.

**Q:** What happens if new security updates are released during the week?  
**A:** They will be installed at the next scheduled cron run unless you choose to install them manually earlier.

---

## Logging

Policy changes are logged to:

```
/var/log/auto-update.log
```

This log records when a mode was applied and which user executed the script.

Package installation and upgrade details are logged by unattended-upgrades in:

```
/var/log/unattended-upgrades/
```

---

### More Information

More guides and documentation can be found on [wiki.x-files.dk](https://wiki.x-files.dk)

---

### License
Licensed under the [MIT License](./LICENSE).