Keeping your system up to date is key to its security.
Furthermore, Ubuntu releases updates pretty often and you probably don’t want
to miss out on added stability and features. You could run updates manually,
but why not schedule the updates in the background to make sure you are always
running the latest stable versions, without ever having to worry about it?
The crontab command, found in Unix and Unix-like operating systems, is used to
schedule commands to be executed periodically. To see what crontabs are
currently running on your system, you can open a terminal and run:
sudo crontab -l
To edit the list of cronjobs you can run:
sudo crontab -e
This will open the default editor (could be vi or pico; if you want, you can
change the default editor) to let us manipulate the crontab.
If you save and exit the editor, all your cronjobs are saved into crontab. Cronjobs are
written in the following format:
I always used apt-get to update systems but I found out that aptitude has
better dependency solving capabilities. So let’s also use aptitude for this; it
comes preinstalled. Normally I would run something like this from a terminal:
aptitude update # gets information on the latest packages
aptitude dist-upgrade # upgrades every package (kernel too)
Making it cron-ready
We need to make some adjustments to the aptitude command to make it suitable
to run in the background:
It should not have to wait on user confirmation, because it isn’t getting
any ; )
It should not automatically update kernels (this is still something you
should do manually)
It should log to a file so you can keep track of it
It should not proceed with an upgrade if the update failed
It should be prefixed with a full path. Because cron often works without
The following command takes on all of these above challenges, in just one
Save and exit your editor, and you are all set! You could check the logfile:
/var/log/auto_update.log every once in a while to see if everything is still
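A wrapper that meets the requirements listed above and also guards against the PATH, configuration-prompt and overlapping-run problems readers report in the comments below. This is an added example, not the article's original command: the script path, the lock path, the --run switch and the 04:00 schedule are assumptions, and the APTITUDE, LOG and LOCK overrides exist so the logic can be exercised without touching the package system.

```shell
#!/bin/sh
# Added example (not the article's original command): cron-safe update wrapper.
# Paths are assumptions; override APTITUDE, LOG and LOCK via the environment.

# cron starts jobs with a minimal PATH; dpkg's maintainer scripts need the sbin
# directories (ldconfig, start-stop-daemon, update-rc.d, install-info).
PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
# Tell debconf that nobody is at the keyboard.
DEBIAN_FRONTEND=noninteractive
export PATH DEBIAN_FRONTEND

APTITUDE=${APTITUDE:-/usr/bin/aptitude}
LOG=${LOG:-/var/log/auto_update.log}
LOCK=${LOCK:-/var/lock/auto_update.lock}

# Returns 0 on success, 1 if "update" failed (upgrade skipped),
# 2 if another run holds the lock, 3 if the upgrade itself failed.
auto_update() {
    # mkdir is atomic, so it doubles as a lock against overlapping runs.
    if ! mkdir "$LOCK" 2>/dev/null; then
        echo "$(date): previous run still active, skipping" >>"$LOG"
        return 2
    fi
    rc=0
    {
        echo "=== auto_update started $(date) ==="
        "$APTITUDE" update || rc=1
        if [ "$rc" -eq 0 ]; then
            # -y answers aptitude's own prompts; the dpkg options keep a locally
            # modified configuration file instead of asking which one to install.
            "$APTITUDE" -y \
                -o Dpkg::Options::=--force-confdef \
                -o Dpkg::Options::=--force-confold \
                safe-upgrade || rc=3
        else
            echo "update failed, upgrade skipped"
        fi
    } >>"$LOG" 2>&1 </dev/null   # stdin is /dev/null: a prompt reads EOF, not a terminal
    rmdir "$LOCK"
    return "$rc"
}

# Run only when asked to, e.g. from root's crontab (schedule is an example):
#   0 4 * * * /usr/local/sbin/auto_update.sh --run
if [ "${1:-}" = "--run" ]; then
    auto_update
    exit $?
fi
```

A lock directory left behind by a killed run has to be removed by hand before the next run will proceed, which is the stale-lock situation one commenter describes.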
These were imported from my old blog. Please use disqus below for new comments
on 2010-02-21 16:17:28
Since Jaunty Ubuntu has out of the box solutions for this. You'll even get offered automatic security updates during installation nowadays. Please go and use that instead of this manual hack - Remember this article was written in 2007 :)
on 2010-02-04 21:24:50
A number of people reported failed updates due to path issues and ldconfig and other programs not being found. Does this article need to be updated accordingly?
on 2010-01-17 17:43:44
I have just tried running this manually with the addition to fire me an email once completed. This particular machine had NEVER been updated since I installed it (Due to laziness) so I figured the automatic approach would be good. However, I got a minor FAIL after updating Samba.
I copy/pasted the cron line (Excluding the times), executed, waited, and waited… Opened another shell on the box and noticed that dpkg was still running with high (but varying) CPU use and new PIDs. Excellent. However, after all was done, load dropped, my prompt was not returning, so wondering WTH?
Pressed ENTER a few times in the shell running the script, waited a few seconds, then found in the email:
Package configuration Samba Server
A new version of configuration file /etc/samba/smb.conf is available, but the version installed currently has been locally modified. What would you like to do about smb.conf?
install the package maintainer's version
keep the local version currently installed
show the differences between the versions
show a side-by-side difference between the versions
show a 3-way difference between available versions
do a 3-way merge between available versions (experimental)
start a new shell to examine the situation
So really, I don't know which option I selected. There was a bunch of extra ANSI cursor control characters in the email as well, so I can only assume that the option was a highlight bar, and I don't know what option I selected. ;)
This presents two problems.
First, this will never complete as something in the install script is asking for user input, and from watching TOP, I couldn't exactly tell what specifically.
Second, updates won't continue because the system will see that there is a lock file and won't continue to update.
on 2010-01-17 13:03:37
How do you like this solution?
~% cat /etc/cron.daily/automaticUpdates
#!/bin/sh
# send everything this script prints to the log file
exec > /var/log/auto_update.log 2>&1
if /usr/bin/aptitude update; then
    /usr/bin/aptitude -y safe-upgrade
fi
on 2009-12-13 17:41:39
@ Johan Barelds: They didn't at the time, but do now for security updates: https://help.ubuntu.com/community/AutomaticSecurityUpdates
Which I think is great.
on 2009-12-09 10:40:22
Good article Kevin! I still find it amazing that Ubuntu (who is aiming for enterprise users) don't deliver a decent out-of-the-box auto-update mechanism.
But for that they have Kevin..:-)
on 2009-11-08 14:47:56
@ Sid: sudo can't handle that syntax. Leave out either sudo or those parentheses
on 2009-11-04 10:30:58
on Ubuntu 9.04 (Jaunty) server, I executed
on 2009-09-10 16:10:58
Great article and just what I need BUT a problem:
System = Ubuntu 9.04
Log shows following:
************* clip *************
Untrusted packages could compromise your system's security.
You should only proceed with the installation if you are certain that
this is what you want to do.
Do you want to ignore this warning and proceed anyway?
To continue, enter \&
quot;; to abort, enter \&
********** end clip **************
Problem is that the -y does not answer yes to the last prompt and the update just sits.
I confirmed this by running the commands manually in terminal … it needs a "yes" and does not respond to a "y"
on 2009-09-09 12:53:30
Nice article, it helped me a lot. But shouldn't crontab require the user executing the scheduled command? maybe the line should be like this….
In my Ubuntu system I also had to "touch /var/log/auto_update.log"
Am I on the light side of the Force or maybe too much tired? ;)
on 2009-02-25 16:33:51
@ Mike: Yeah that's often true. Full paths to the binaries should work as well
on 2009-02-22 08:50:24
I think I need to amend this to run a script instead as I get the following in my auto_update.log:
dpkg: `ldconfig' not found on PATH.
dpkg: `start-stop-daemon' not found on PATH.
dpkg: `install-info' not found on PATH.
dpkg: `update-rc.d' not found on PATH.
dpkg: 4 expected program(s) not found on PATH.
NB: root's PATH should usually contain /usr/local/sbin, /usr/sbin and /sbin.
Looking around on the net it looks like my solution is a script that begins like this:
on 2009-02-15 12:46:44
Very helpful article for a n00b, thank you :)
on 2008-07-18 08:20:28
@ Jonas: Thanks for letting me know. I've updated the article according to your notes.
on 2008-07-01 16:51:40
Very useful article - thanks.
Note that the \&
quot; option has been deprecated in favor of \&
quot; (which aptitude was kind enough to let me know when I ran your command).
on 2008-05-17 15:18:22
@ gasull: You have to specify what language. text or bash would do the trick. But your point is clear, I'll update the article! Thanks
on 2008-05-17 01:57:01
sudo crontab -e
on 2007-08-17 20:59:43
P.S. I usually include \&
quot; as well as all the traffic goes through apt-cacher.
on 2007-08-17 20:56:51
You may use \&
quot; to redirect both stdout and stderr.
on 2007-08-08 18:27:45
Hi Tim, because aptitude has better dependency resolving capabilities.
on 2007-08-08 17:54:59
This may be a stupid question, but why do you use aptitude and not apt-get?
on 2007-07-31 00:36:04
If you only want security updates, it is easier to just install the unattended-upgrades package.
on 2007-07-30 15:57:36
Hi Ross, no problem. I don't use wordpress, I wrote this blogging tool myself. Cheers!
on 2007-07-30 13:12:15
Sorry to abuse your comment form like this but I couldn't find an (obvious) 'contact me' link.. For your \&
quot; section (http://kevin.vanzonneveld.net/links/) do you use a wordpress plugin for that? If so, which one? Cheers!