3

I have a laravel app on a ubuntu 20.04 server. How do I enable it to automatically apply only security updates?

does the following only install security updates or other updates:

sudo apt install unattended-upgrades

my sudo nano /etc/apt/apt.conf.d/50unattended-upgrades is as follows:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    // Extended Security Maintenance; doesn't necessarily exist for
    // every release and this system may not have it installed, but if
    // available, the policy for updates is such that unattended-upgrades
    // should also install from here by default.
    "${distro_id}ESMApps:${distro_codename}-apps-security";
    "${distro_id}ESM:${distro_codename}-infra-security";
   //"${distro_id}:${distro_codename}-updates";
   //"${distro_id}:${distro_codename}-proposed";
   //"${distro_id}:${distro_codename}-backports";
};

Do I need to do anything else?

adam78
  • 131
  • 1
    https://askubuntu.com/questions/194/how-can-i-install-just-security-updates-from-the-command-line is still valid. – Rinzwind Aug 12 '20 at 11:01
  • @Rinzwind that for calling it from command line. The post doesn't give any example to enable it for automatic security updates? – adam78 Aug 12 '20 at 11:07
  • 1
    Your config looks like everything is commented out except security updates. For debug purposes you can actually manually run the unattended-upgrades: sudo unattended-upgrade -d – Nmath Aug 12 '20 at 11:54
  • See also this link, if you want more details. – sudodus Aug 12 '20 at 13:34
  • @Nmath what about this line: "${distro_id}:${distro_codename}"; which isnt commented? what is that line doing? – adam78 Aug 12 '20 at 15:16

2 Answers2

2

enter image description here

Go to Software and Updates and enable Livepatch. Canonical Livepatch helps keep your system secure by applying security updates that don't require a restart.

Or you can use the terminal for security updates using the command:

sudo unattended-upgrade

Freax
  • 137
0

My personal preference is the following: The reconfigure brings up a text ui to confirm and then you are done.

sudo apt-get install unattended-upgrades sudo dpkg-reconfigure unattended-upgrades

kkron
  • 141