How to make my server email me when there are security updates?


Solution 1

From a previous post: you can run security upgrades from the command line with:

sudo unattended-upgrade

I checked it out and you can also use the command line option

 sudo unattended-upgrade --dry-run

to download but not install updates.

When running the program I am not getting any output; I think this is because I have my system set to auto-update. If you can get output from this, just figure out what the updated vs. pending updates look like and write a shell script to send you an email containing the output of the pending updates.

Then run this script as a cron job.

Note: use crontab -e to run jobs as root.
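
One way to write the script this answer describes, as an added example that is not part of the original answer: it filters the simulated upgrade output of `apt-get -s dist-upgrade` down to packages whose candidate comes from a `-security` pocket and mails that list. The function name, script path, recipient address and sample output are assumptions constructed for illustration, and a working `mail` command is assumed to be installed.

```shell
#!/bin/sh
# Added example (not from the original answer): mail pending *security* updates.
# Hypothetical crontab entry; script path and recipient are placeholders:
#   0 7 * * * /usr/local/sbin/security-updates-mail admin@example.com
# Assumes the package lists are refreshed elsewhere (e.g. a periodic apt-get update).

# Read `apt-get -s dist-upgrade` output on stdin and print one line per package
# whose candidate version is offered by a "-security" pocket:
#   <package> <installed-version> -> <candidate-version>
list_security_updates() {
    awk '
        $1 == "Inst" && $0 ~ "/[a-z-]+-security" {
            if ($3 ~ /^\[/) {            # upgrade: Inst pkg [old] (new origin ...
                old = substr($3, 2, length($3) - 2)
                new = substr($4, 2)
            } else {                     # new dependency: Inst pkg (new origin ...
                old = "(not installed)"
                new = substr($3, 2)
            }
            printf "%s %s -> %s\n", $2, old, new
        }'
}

# Constructed sample of simulated-upgrade output, for testing the filter offline.
SAMPLE_APT_OUTPUT='Inst openssl [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])
Inst tzdata [2023c-0ubuntu0.22.04.1] (2023c-0ubuntu0.22.04.2 Ubuntu:22.04/jammy-updates [all])
Inst libexample1 (1.0-1ubuntu0.1 Ubuntu:22.04/jammy-security [amd64])
Conf openssl (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-updates, Ubuntu:22.04/jammy-security [amd64])'

# Only query apt and send mail when a recipient is given as the first argument.
if [ -n "${1:-}" ]; then
    # -s simulates the upgrade; nothing is downloaded or installed.
    pending=$(LC_ALL=C apt-get -s dist-upgrade | list_security_updates)
    if [ -n "$pending" ]; then   # stay silent when nothing is pending
        printf '%s\n' "$pending" |
            mail -s "$(hostname): pending security updates" "$1"
    fi
fi
```

Because the filter keys on the archive name in the `Inst` line, updates that exist only in the `-updates` pocket are left out of the mail.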

Solution 2

You can use a tool called apticron to notify you when new updates are available. It sends you e-mail about pending upgrades, also giving you a choice to only send you e-mail about updates not previously notified.

To set up apticron, edit /etc/apticron/apticron.conf and change the line containing the e-mail address:

EMAIL="[email protected]"

Enter the e-mail address you wish to receive notifications to.

For more information see man apticron.


Author: David R.

Updated on September 18, 2022

Comments

  • David R.
    David R. over 1 year

    There's obviously a way to check to see when an update is a security update. I often get greeted by a motd that says "there are N security updates."

    What I'd like to do is have my server email me a list of what packages need updating for security reasons.

    To take it a step further, the email would link to the applicable security notification from Ubuntu.

    Basically, each server is somewhat unique. I've received several emails on the security mailing list for packages I do not have installed on any/all servers. So I'd like each individual server to tell me what it needs. That way I can apply updates in a timely manner, while avoiding restarting services like Apache that would cause users to have some downtime.

    How could I do this?

    • Thomas Ward
      Thomas Ward about 11 years
      Have you thought about setting up unattended upgrades and telling it to only automatically install security pocket updates?
    • David R.
      David R. about 11 years
      I want to avoid installing updates that might break something or cause services to restart. Unattended upgrades could do both of those things.
    • Thomas Ward
      Thomas Ward about 11 years
      But security upgrades won't do that; security upgrades are usually cherry-picked fixes that are tested before being uploaded. If you configure unattended-upgrades to ONLY do security updates it will likely not break anything.
    • David R.
      David R. about 11 years
      A security update to Apache would require that Apache be restarted, right?
    • Thomas Ward
      Thomas Ward about 11 years
      I am not an expert in the Apache package but I believe it automatically issues a restart command after upgrading. I'd have to check its init scripts and its install scripts to figure that one out, but a restart just means a momentary restart and everything's back to normal quickly, usually within a few seconds, sometimes within a minute max. But if you don't keep it updated, you will be stuck with bugs and a lot of vulnerabilities.
    • Hontvári Levente
      Hontvári Levente about 6 years
      Security upgrades frequently cause daemon restarts, which in addition to a short or not so short pause occasionally have side effects. Although rarely, some security updates do cause trouble. I use automatic upgrades on non-critical servers, but not on critical ones.
  • David R.
    David R. about 11 years
    I'm not asking how to install upgrades. That's easy. Nor am I asking how to tell if security upgrades are needed. I'm asking how to be notified WHAT security upgrades need to be applied for individual servers without me having to log in.
  • tweirick
    tweirick about 11 years
    Shouldn't the email of the pending but not installed updates accomplish this?
  • David R.
    David R. about 11 years
    Ah, pardon, I'm going to blame the allergies I've been fighting for my not seeing the text you bolded...
  • Hontvári Levente
    Hontvári Levente about 6 years
    I could not set up apticron to send only security updates. It sends notifications about all updates, including non-security updates, which cause too much noise to be useful for me.