I was wondering how to configure automatic security updates for Debian. Especially for Debian stable, which I am running. Turns out it’s easy. First, you just install cron-apt. Second, you can configure it by editing /etc/cron-apt/config. I learned from some other blog, that setting one variable helps in getting actually emails for the upgrades, namely setting MAILON=”upgrade” in this file does the trick. And lastly, there is a directory /etc/cron-apt/action.d, which contains all the actions that cron-apt will execute. In there is a file named 3-download, which I changed to look as follows:
upgrade -y -o APT::Get::Show-Upgraded=true
The second line is changed from “dist-upgrade -d …”, because you don’t want any automatic dist-upgrades. That might leave your server in a horrible state. Also, instead of only downloading (-d), you want it to install the upgrades as well. That’s all and should help you keep up with security patches more easily.
Update: The updates seem to work fine! Tonight I got the first email that notified me of a successful security update.