Background:
I am looking to install an Ubuntu server in a closed industrial network to monitor some stuff. I would like the Ubuntu server NOT to attempt any automatic update. Do I need to install unattended-upgrades just to turn automatic upgrades off?

I don't want to block any ports on the server just yet. I am fairly new to Linux, and I would like to keep all other options like remote access, serving a simple web interface etc. open.

Further question: Since we are here, does Ubuntu server (by default) send out any other "queries" onto the network automatically?

ugn
  • I think it may be better to describe your problem in some greater detail. Maybe people have other and better solutions than what you imagine. – vidarlo May 04 '19 at 13:36
  • @vidarlo Thank you, but the question for now is really just to make sure the Ubuntu server does not automatically query for updates. I am fairly new to Linux, so baby steps. – ugn May 04 '19 at 13:39
  • @user68186 it is in a closed industrial network, so there is no internet. But I don't want the server to start querying "who is the default gateway" or start sending "update upgrade list" packets to the default gateway. – ugn May 04 '19 at 13:41
  • @user68186 I don't know for sure, but for now, I assume, if the default gateway is present, Ubuntu would "send stuff" to the default gateway: "here is some stuff I need to send to someone not in this network, and let me know if that someone replied". That's just how TCP/IP is implemented. I think. – ugn May 04 '19 at 13:49
  • I think you should explain your problem in some more detail, because using ufw rules to drop outbound traffic may be a better solution. – vidarlo May 04 '19 at 14:44
  • @vidarlo Thank you, didn't know about that. Regarding the question itself, I will just leave it as it is, I don't have enough knowledge to know exactly what I want yet, or to ask a more informed question. Judging from what you have been telling me so far, I have a feeling that Ubuntu has many, many processes that automatically contact the network it is in. Automatic update is merely one of them. – ugn May 04 '19 at 14:52
  • In general, it's better to state your end goal, and not some process to achieve it. Maybe the way you thought of is not the optimal route to get there. You may want to have a look at this question as well, which is fairly close to yours. – vidarlo May 04 '19 at 17:04

1 Answer

Yes, Ubuntu Server will attempt to upgrade by default.

There are two elements you must disable.

1) Apt will attempt to update its package database daily using apt-daily.timer (provided by the apt package).

2) Apt will attempt to upgrade new packages in the database using apt-daily-upgrade.timer (provided by the unattended-upgrades package).

Simply disable both:

sudo systemctl disable apt-daily.timer
sudo systemctl disable apt-daily-upgrade.timer

Note to future readers: This is a good idea for some closed networks. This is a Very Bad Idea for any machine connected, directly or indirectly, to the internet. Those upgrades include security patches to protect your system from newly-reported vulnerabilities.

user535733
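
A check for the two timers named in the answer above, as an added example that is not part of the original post: `systemctl disable` only removes boot-time enablement, so a timer that is already running stays active until it is stopped or the machine reboots (`systemctl disable --now` does both). The function names and the sample state lines are constructed for this illustration.

```shell
#!/bin/sh
# Added example (not from the original answer): audit the two APT timers.

# Emit "<unit> <is-enabled> <is-active>" for each timer on a real host.
collect_apt_timer_state() {
    for unit in apt-daily.timer apt-daily-upgrade.timer; do
        enabled=$(systemctl is-enabled "$unit" 2>/dev/null)
        active=$(systemctl is-active "$unit" 2>/dev/null)
        echo "$unit ${enabled:-not-found} ${active:-unknown}"
    done
}

# Read state lines on stdin, print one finding per problem,
# and return 1 if any timer can still fire now or after a reboot.
apt_timer_findings() {
    rc=0
    while read -r unit enabled active; do
        [ -n "$unit" ] || continue
        case "$enabled" in
            disabled|masked|not-found) ;;   # will not be started at boot
            *) echo "$unit: still enabled ($enabled), will start at next boot"
               rc=1 ;;
        esac
        case "$active" in
            inactive|failed) ;;             # not scheduled in this boot
            *) echo "$unit: still running ($active), will fire until stopped"
               rc=1 ;;
        esac
    done
    return $rc
}

# Constructed sample: state right after "systemctl disable" with no reboot.
SAMPLE_AFTER_DISABLE='apt-daily.timer disabled active
apt-daily-upgrade.timer disabled active'

# Demo on the constructed sample; both timers are reported as still running.
printf '%s\n' "$SAMPLE_AFTER_DISABLE" | apt_timer_findings || true

# On a real host:
#   collect_apt_timer_state | apt_timer_findings && echo "APT timers are off"
```

A "still running" finding clears after `sudo systemctl stop <unit>` or a reboot.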