commit e6f53abfec0920db703e0b2d2748859465ca0180 Author: allan Date: Thu Oct 24 12:40:05 2024 +0200 initial commit diff --git a/LICENSE b/LICENSE new file mode 100644 index 0000000..57f408b --- /dev/null +++ b/LICENSE @@ -0,0 +1,21 @@ +MIT License + +Copyright (c) 2023 Allan Christensen + +Permission is hereby granted, free of charge, to any person obtaining a copy +of this software and associated documentation files (the "Software"), to deal +in the Software without restriction, including without limitation the rights +to use, copy, modify, merge, publish, distribute, sublicense, and/or sell +copies of the Software, and to permit persons to whom the Software is +furnished to do so, subject to the following conditions: + +The above copyright notice and this permission notice shall be included in all +copies or substantial portions of the Software. + +THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR +IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, +FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE +AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER +LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, +OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE +SOFTWARE. diff --git a/README.md b/README.md new file mode 100644 index 0000000..8d85b17 --- /dev/null +++ b/README.md @@ -0,0 +1,31 @@ +## Unattended update script for Ubuntu 22.04 server. + +### Prerequisites +Ubuntu 22.04 server. + +> **IMPORTANT** +> +> This will configure unattended updates with the following.\ +> Update packages\ +> Update security packages\ +> Remove unused depencies same as apt autoremove\ +> Reboot if needed even with users logged on\ +> Create a crontab entry to run updates every Sunday at 04:00 + +### Download the script +``` +git clone https://git.x-files.dk/ubuntu-server/unattended-updates.git +``` + +### Usage + cd unattended-updates + sudo ./configure-updates + +### Postinstall +Nothing to do. + +### More guides +More guides can be found on [\[wiki.x-files.dk\]](https://wiki.x-files.dk) + +### Last tested +January 12th 2024 on Ubuntu 22.04. diff --git a/configure-updates b/configure-updates new file mode 100755 index 0000000..27351eb --- /dev/null +++ b/configure-updates @@ -0,0 +1,76 @@ +#!/bin/bash + +###################################################################################### +# Date: 23062022 Author: Allan Desc: Configuring Ubuntu server 22.04 for initial use # +###################################################################################### + +# +# Are we root +# +if [[ $(id -u) -ne 0 ]]; then printf "\nMust be root or use sudo!\n\n"; exit; fi +# +# Are we in the right directory +# +scriptdir="unattended-updates" && whereami=$(pwd |awk -F'/' '{print $NF}') +if [ $whereami != $scriptdir ]; then printf "\nWrong directory! Script must be run from $scriptdir\n\n"; exit 1; fi +# +# Define variables and functions +# +config1="/etc/apt/apt.conf.d/20auto-upgrades" +config1alt="/usr/share/unattended-upgrades/20auto-upgrades" +config2="/etc/apt/apt.conf.d/50unattended-upgrades" +confgi2alt="/usr/share/unattended-upgrades/50unattended-upgrades" +# +# Function to check if 20auto-upgrades or 50unattended-upgrades exists, if not copy them from alternative location. +# +chkcfg () { if [ -f $config ]; then : ; else echo "No Go $config $configalt" ; cp -Rp $configalt $config ; fi; } +# +# install unattended-upgrades and update-notifier-common +# +apt install -y unattended-upgrades +apt install -y update-notifier-common +# +# Run checkcfg against 20auto-upgrades and 50unattended-upgrades and create them if needed +# +config="$config1" ; configalt="$config1alt" ; chkcfg $config $configalt +config="$config2" ; configalt="$config2alt" ; chkcfg $config $configalt +# +# Disable automatic updates. We want to be in control instead of letting the system do this randomly twice a day. +# +sed -i 's/1/0/g' /etc/apt/apt.conf.d/20auto-upgrades +# +# Configure update behaviour, this means besides security also enable package updates. +# +sed -i '/${distro_id}:${distro_codename}-updates/ s/^\/\///' /etc/apt/apt.conf.d/50unattended-upgrades +# +# Optional: Uncomment the next 2 lines for removal of unused packages this equals apt autoremove +# || +# \/ +# sed -i '\/\/Unattended-Upgrade::Remove-Unused-Dependencies "false"/ s/^\/\///' /etc/apt/apt.conf.d/50unattended-upgrades +# sed -i 's/Remove-Unused-Dependencies "false"/Remove-Unused-Dependencies "true"/' /etc/apt/apt.conf.d/50unattended-upgrades +# /\ +# || +# Optional: Uncomment the next 2 lines for removal of unused packages this equals apt autoremove + +# Optionnal: Uncomment line 1 and 2 for reboot if needed. Uncommment line 3 for reboot even if users are logged in. +# || +# \/ +# sed -i '\/\/Unattended-Upgrade::Automatic-Reboot "false"/ s/^\/\///' /etc/apt/apt.conf.d/50unattended-upgrades +# sed -i 's/Automatic-Reboot "false"/Automatic-Reboot "true"/' /etc/apt/apt.conf.d/50unattended-upgrades +# sed -i '\/\/Unattended-Upgrade::Automatic-Reboot-WithUsers/ s/^\/\///' /etc/apt/apt.conf.d/50unattended-upgrades +# /\ +# || +# Optionnal: Uncomment line 1 and 2 for reboot if needed. Uncommment line 3 for reboot even if users are logged in. +# +# Create cronjob running every sunday at 04:00 +# +cronjob01="0 4 * * 7 root /usr/bin/apt update && /usr/bin/unattended-upgrade -v >/dev/null 2>&1" +echo "$cronjob01" > /etc/cron.d/updatesystem +# +# Restart unatended upgrades and cron. +# +systemctl restart unattended-upgrades.service +systemctl restart cron.service +# +# End of script +#