How to make my server email me when there are security updates?
Solution 1
From a previous post: you can run security upgrades via the command line with:
sudo unattended-upgrade
I checked it out and you can also use the command line option
sudo unattended-upgrade --dry-run
To download but not install updates.
When running the program I am not getting any output; I think this is because I have my system set to auto-update. If you can get output from this, just figure out what the updated vs. pending updates look like and write a shell script to send you an email containing the output of the pending updates.
Then run this script as a cron job.
Note: use crontab -e to run jobs as root.
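The script this answer suggests, written out as an added example that is not part of the original answer: it reduces simulated apt-get output to the packages whose new version comes from a -security archive and mails that list. The recipient address, the local mail command and the function names are assumptions.

```shell
#!/bin/sh
# Added example: mail only the pending *security* updates for this host.
# Assumptions: Debian/Ubuntu "apt-get -s" output, a working local "mail"
# command, and a placeholder recipient address.
MAILTO="admin@example.com"   # placeholder, replace with your address

# Read simulated-upgrade output on stdin; print "package old -> new" for
# each package whose candidate version comes from a security archive.
security_updates() {
    awk '
    $1 == "Inst" {
        # The part in parentheses is "newver Origin:release/pocket, ... [arch]"
        start = index($0, "(")
        if (!start) next
        src = substr($0, start + 1)
        sub(/\).*$/, "", src)
        if (src !~ /-security/) next       # e.g. bionic-security
        split(src, f, " ")
        old = ($3 ~ /^\[/) ? $3 : "(new)"  # no [old] field on fresh installs
        gsub(/\[|\]/, "", old)
        printf "%s %s -> %s\n", $2, old, f[1]
    }'
}

# Constructed sample of "apt-get -s dist-upgrade" output (not real data).
sample_output() {
    cat <<'EOF'
Inst openssl [1.0-1] (1.0-1ubuntu0.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
Inst vim [2.0-1] (2.0-2 Ubuntu:18.04/bionic-updates [amd64])
Inst libexample1 (2.0-1ubuntu0.1 Ubuntu:18.04/bionic-security [amd64])
Conf openssl (1.0-1ubuntu0.1 Ubuntu:18.04/bionic-updates, Ubuntu:18.04/bionic-security [amd64])
EOF
}

# -s only simulates: nothing is downloaded or installed. Stay silent when
# there is nothing to report so cron sends no empty mail.
report() {
    pending=$(LC_ALL=C apt-get -s dist-upgrade 2>/dev/null | security_updates)
    [ -n "$pending" ] || return 0
    printf '%s\n' "$pending" |
        mail -s "Pending security updates on $(hostname)" "$MAILTO"
}

# "script --mail" sends the report (e.g. from cron); "--demo" parses the sample.
case "${1:-}" in
    --mail) report ;;
    --demo) sample_output | security_updates ;;
esac
```

The simulation reads the local package lists, so the result is only as current as the last apt-get update on that server.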
Solution 2
You can use a tool called apticron to notify you when new updates are available. It sends you e-mail about pending upgrades, also giving you a choice to only send you e-mail about updates not previously notified.
To set up apticron, edit /etc/apticron/apticron.conf and change the line containing the e-mail address:
EMAIL="[email protected]"
Enter the e-mail address you wish to receive notifications to.
For more information see man apticron.
David R.
Updated on September 18, 2022
Comments
-
David R. over 1 year
There's obviously a way to check to see when an update is a security update. I often get greeted by a motd that says "there are N security updates."
What I'd like to do is have my server email me a list of what packages need updating for security reasons.
To take it a step further, the email would link to the applicable security notification from Ubuntu.
Basically, each server is somewhat unique. I've received several emails on the security mailing list for packages I do not have installed on any/all servers. So I'd like each individual server to tell me what it needs. That way I can apply updates in a timely manner, while avoiding restarting services like Apache that would cause users to have some downtime.
How could I do this?
- Thomas Ward about 11 years: Have you thought about setting up unattended upgrades and telling it to only automatically install security pocket updates?
- David R. about 11 years: I want to avoid installing updates that might break something or cause services to restart. Unattended upgrades could do both of those things.
- Thomas Ward about 11 years: But security upgrades won't do that; security upgrades are usually cherry-picked fixes that are tested before being uploaded. If you configure unattended-upgrades to ONLY do security updates it will likely not break anything.
- David R. about 11 years: A security update to Apache would require that Apache be restarted, right?
- Thomas Ward about 11 years: I am not an expert in the Apache package but I believe it automatically issues a restart command after upgrading. I'd have to check its init scripts and its install scripts to figure that one out, but a restart just means a momentary restart and everything's back to normal quickly, usually within a few seconds, sometimes within a minute max. But if you don't keep it updated, you will be stuck with bugs and a lot of vulnerabilities.
- Hontvári Levente about 6 years: Security upgrades frequently cause daemon restarts which in addition to a short or not so short pause occasionally have side effects. Although rarely, some security updates do cause trouble. I use automatic upgrades on non-critical servers, but not on critical ones.

- David R. about 11 years: I'm not asking how to install upgrades. That's easy. Nor am I asking how to tell if security upgrades are needed. I'm asking how to be notified WHAT security upgrades need to be applied for individual servers without me having to log in.
- tweirick about 11 years: Shouldn't the email of the pending but not installed updates accomplish this?
- David R. about 11 years: Ah, pardon, I'm going to blame the allergies I've been fighting for my not seeing the text you bolded...
- Hontvári Levente about 6 years: I could not set up apticron to send only security updates. It sends notifications about all updates, including non-security updates, which cause too much noise to be useful for me.