server/auto-update-ubuntu
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
5 Commits 1 Branch 0 Tags
5447f9d604c36551d5029442c500ada8221a3ceb
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
allan 5447f9d604 changes
2026-02-12 17:26:39 +01:00
auto-update
logic changes
2026-02-12 17:23:04 +01:00
last-tested
latest commit
2026-02-11 09:15:51 +01:00
LICENSE
latest commit
2026-02-11 09:15:51 +01:00
README.md
changes
2026-02-12 17:26:39 +01:00

README.md

Auto Update for Ubuntu 24.04 Server

OS Shell Feature Cron License

Install unattended security and system updates on Ubuntu 24.04 server.

This is not a demo and not a quick experiment.
This is a production-ready policy tool designed to enforce predictable update behaviour.

Why this installer exists

Ubuntu includes unattended-upgrades, but configuration is often inconsistent, unclear, or left in default states that do not match operational policy.

This script provides a repeatable way to enforce a defined update policy, ensuring systems are patched regularly and reboot behaviour is predictable.

What this installer does

✔ Configures unattended-upgrades using a clean, deterministic policy
✔ Allows switching between four update modes
✔ Ensures updates are enforced on a fixed weekly schedule
✔ Automatically rebuilds the unattended-upgrades configuration safely
✔ Leaves Ubuntus timers untouched
✔ Safe to re-run and switch modes at any time
✔ Logs policy changes for auditing and troubleshooting
✔ Uses vendor defaults as a base to preserve compatibility

What this installer does NOT do

It wont stop you from running the script without reading the documentation like theres no tomorrow.
Skip the README, and whatever happens next is your headache, not a bug report.

1. Download the installer

git clone https://git.x-files.dk/server/auto-update-ubuntu.git

cd auto-update-ubuntu

2. Run the installer

sudo ./auto-update <mode>

Example:

sudo ./auto-update 2

Available modes

The modes control two things:

  • Which updates are installed
  • Whether the system reboots automatically if required

The script is built with re-runs in mind.
If you need to switch modes, simply run the script again with another mode.
The current policy will be replaced automatically.

Mode 1
Security + updates (full system updates, not security-only)
Automatic reboot
Reboot happens even if users are logged in

Mode 2
Security + updates (full system updates, not security-only)
No automatic reboot
Users are notified on next login if a reboot is required

Mode 3
Security updates only
Automatic reboot
Reboot happens even if users are logged in

Mode 4
Security updates only
No automatic reboot
Users are notified on next login if a reboot is required

How it works

The script rebuilds the unattended-upgrades configuration from Ubuntus vendor template each time a mode is applied.
This ensures a clean and predictable configuration and avoids problems caused by manually edited or partially modified files.

If you manually edit /etc/apt/apt.conf.d/50unattended-upgrades, those changes will be overwritten, but only when you switch modes.

A cron job (/etc/cron.d/auto-update) is created to enforce updates every Friday at 03:00.
This ensures that systems are updated regularly even if users postpone updates during the week.

Ubuntus systemd timers are left untouched.
If both timers and the cron job run, nothing breaks — updates may simply be checked more than once.

Cron behaviour

The cron job is created the first time a mode is applied and is scheduled to run every Friday at 03:00.

The cron file is created as:

/etc/cron.d/auto-update

You are free to change the schedule to any time you prefer, or even run it daily if required.
The script does not modify or reset the cron job after it has been created.

Switching modes does not alter the existing cron schedule.

Common questions

Q: Why am I still seeing available updates? Is the script not working?**
A: These notifications are generated by Ubuntus default update timers, which this script does not disable.
You may still see update notifications during the week, even though the cron enforcement job runs on Friday.

If you log in on a Tuesday and updates are available, you are encouraged to install them manually.
This will not conflict with the script.

You may also see updates appear shortly after the scheduled run.
This simply means new updates were released after the last scheduled update cycle.

Logging

Policy changes are logged to:

/var/log/auto-update.log

This log records when a mode was applied and which user executed the script.

Package installation and upgrade details are logged by unattended-upgrades in:

/var/log/unattended-upgrades/

More Information

More guides and documentation can be found on wiki.x-files.dk

License

Licensed under the MIT License.

Reference in New Issue View Git Blame Copy Permalink
Description
No description provided
Readme MIT 44 KiB
Languages
Shell 100%