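Linux: Automatically Updating Packages or Security Patches

When managing several Linux machines, having to log in to each server and run commands for the frequent updates is quite a hassle. Back when I managed CentOS 6/7, yum natively had a package that could do this; I looked around and found that dnf and apt have one too, so it doesn't have to be this much trouble.

The notes below record how to set up automatic updates with these packages.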

  • Alma Linux / Rocky Linux / Oracle Linux

Install the automatic update package

$ sudo dnf install dnf-automatic

View the default settings

$ grep -Ev "^$|[#;]" /etc/dnf/automatic.conf
[commands]
upgrade_type = default
random_sleep = 0
network_online_timeout = 60
download_updates = yes
apply_updates = no
[emitters]
emit_via = stdio
[email]
email_from = [email protected]
email_to = root
email_host = localhost
[command]
[command_email]
email_from = [email protected]
email_to = root
[base]
debuglevel = 1

Edit the configuration file

$ sudo vim /etc/dnf/automatic.conf

#  What kind of upgrade to perform:
# default                            = all available upgrades
# security                           = only the security upgrades
To install security updates only:
upgrade_type = security

apply_updates = yes

Enable and start the automatic update service

$ sudo systemctl enable dnf-automatic.timer && sudo systemctl start dnf-automatic.timer

Check the update status

$ sudo systemctl list-timers '*dnf-*'

For more, see AutoUpdates – Fedora Project Wiki
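
An added example (not from the original post or from the dnf project): a small POSIX shell check that reads automatic.conf section by section and reports whether updates will actually be applied, and whether only security updates are. The function names, the accepted boolean spellings and the sample file are assumptions of this example.

```shell
#!/bin/sh
# Added example: report what a dnf-automatic config will actually do.

# Print KEY from [SECTION] of an INI-style file. Section-aware on purpose:
# keys such as email_to appear in more than one section of automatic.conf.
ini_get() {  # usage: ini_get FILE SECTION KEY
    awk -v want="[$2]" -v key="$3" '
        /^[ \t]*[#;]/ { next }                      # whole-line comments
        /^[ \t]*\[.*\][ \t]*$/ { gsub(/[ \t]/, ""); sec = $0; next }
        sec == want && (eq = index($0, "=")) > 0 {
            k = substr($0, 1, eq - 1); v = substr($0, eq + 1)
            gsub(/^[ \t]+|[ \t]+$/, "", k); gsub(/^[ \t]+|[ \t]+$/, "", v)
            if (k == key) val = v   # a repeated key keeps its last value (choice made here)
        }
        END { print val }
    ' "$1"
}

# Prints security-auto, all-auto or not-applied; returns 0 only when updates
# are installed automatically. Default path is the file edited above.
dnf_automatic_mode() {  # usage: dnf_automatic_mode [FILE]
    conf="${1:-/etc/dnf/automatic.conf}"
    [ -r "$conf" ] || { echo "unreadable"; return 2; }
    apply=$(ini_get "$conf" commands apply_updates | tr 'A-Z' 'a-z')
    kind=$(ini_get "$conf" commands upgrade_type)
    case "$apply" in
        yes|true|1|on) ;;   # spellings other than yes/no are an assumption
        *) echo "not-applied"; return 1 ;;
    esac
    # Assumption: a missing upgrade_type means "default" (all upgrades).
    if [ "$kind" = "security" ]; then echo "security-auto"; else echo "all-auto"; fi
}

# Constructed sample: the edits described above, not a real host's file.
sample=$(mktemp)
cat > "$sample" <<'EOF'
[commands]
upgrade_type = security
download_updates = yes
apply_updates = yes
[command_email]
email_to = root
EOF
dnf_automatic_mode "$sample"
rm -f "$sample"
```

Run `dnf_automatic_mode` with no argument on a host to check /etc/dnf/automatic.conf itself; a non-zero exit status means updates are not being installed automatically.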

  • Ubuntu 20.04

$ sudo apt update && sudo apt install -y unattended-upgrades apt-listchanges

Turn on automatic updates

$ sudo dpkg-reconfigure -plow unattended-upgrades
Yes, of course. When is it ever not Yes?

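Configuration file locations and update frequency; you can also set whether to reboot automatically and at what time.

Settings
$ sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
I uncommented "${distro_id}:${distro_codename}-updates";

Update schedule
$ sudo vim /etc/apt/apt.conf.d/20auto-upgrades

Log location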

$ sudo cat /var/log/unattended-upgrades/unattended-upgrades.log

For details, see this article: Ubuntu Server 如何開啟或取消自動更新? | MagicLen