Penguin Crumbs

Notes and tips from a Linux user


How to be automatically notified for software updates

Administrators almost always dislike automatic updates, because they want to know exactly what is being installed. However, it's crucial to keep the system updated, especially because of IT security issues.
In this post I explain how to disable automatic updates (for Ubuntu) and how to implement a simple script that warns you when updates are available (for Ubuntu and Debian).

Disable automatic updates

Edit /etc/apt/apt.conf.d/20auto-upgrades and set the following settings to zero:

  APT::Periodic::Update-Package-Lists "0";
  APT::Periodic::Unattended-Upgrade "0";

Then reboot.

Monitor update availability

Schedule this script as root:


#!/bin/bash

# constants
readonly script_home="$(cd "$(dirname "${BASH_SOURCE[0]}")" && pwd)"
readonly tmpfile="$script_home/update_monitor.tmp"
readonly logfile="$script_home/update_monitor.log"

n_std=0 # number of updates
n_sec=0 # number of security updates

if [ -x "/usr/lib/update-notifier/apt-check" ]; then
    # apt-check prints "updates;security_updates" on stderr
    apt-get update > /dev/null 2>&1
    /usr/lib/update-notifier/apt-check > "$tmpfile" 2>&1
    n_std=$(cut -d';' -f1 "$tmpfile")
    n_sec=$(cut -d';' -f2 "$tmpfile")
    rm -f "$tmpfile"
else
    # no apt-check available: count the "Inst" lines of a simulated upgrade
    apt-get update > /dev/null 2>&1
    n_std=$(apt-get -s dist-upgrade | grep -c "^Inst")
    n_sec=$(apt-get -s dist-upgrade | grep "^Inst" | grep -ci security)
fi

if [ "$n_std" -ne "0" ]; then
    echo "Do things here! Send emails, alerts, etc..."
fi

# overwrite the log with the result of the last run
echo "last run $(date +%Y-%m-%d\ %H:%M:%S)" > "$logfile"
echo " - $n_std updates" >> "$logfile"
echo " - $n_sec security updates" >> "$logfile"
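
The script only reports counts, while an alert is more useful when it names the packages. The following is an added example, not part of the original script: it parses the output of `apt-get -s dist-upgrade` into a per-package list. The function names and the sample output are constructed for illustration.

```bash
#!/bin/bash
# Added example, not from the original post. Sample data is constructed.

# Reads `apt-get -s dist-upgrade` output on stdin and prints one line per
# pending package: "<class> <package> <candidate-version>".
# class is "security" only when the origin list inside the parentheses
# mentions it, so a package whose name contains the word is not counted.
list_pending() {
    awk '
    $1 == "Inst" {
        class = "standard"; version = "?"
        if (match($0, /\([^)]*\)/)) {
            origin = substr($0, RSTART + 1, RLENGTH - 2)
            split(origin, f, " ")
            version = f[1]
            if (tolower(origin) ~ /security/) class = "security"
        }
        print class, $2, version
    }'
}

# Prints "n_std;n_sec", the same "total;security" shape the script cuts
# out of the apt-check output.
count_pending() {
    list_pending | awk '
        { n_std++ }
        $1 == "security" { n_sec++ }
        END { printf "%d;%d\n", n_std, n_sec }'
}

# Constructed sample mixing Ubuntu- and Debian-style lines; the package
# security-misc-tools is hypothetical.
sample_output() {
    cat <<'EOF'
Reading package lists...
The following packages will be upgraded:
  libssl1.1 security-misc-tools tzdata
Inst libssl1.1 [1.1.1-1ubuntu2.1~18.04.4] (1.1.1-1ubuntu2.1~18.04.5 Ubuntu:18.04/bionic-security [amd64])
Inst tzdata [2019b-0ubuntu0.18.04] (2019c-0ubuntu0.18.04 Ubuntu:18.04/bionic-updates [all])
Inst security-misc-tools [1.0-1] (1.0-2 Ubuntu:18.04/bionic-updates [all])
Inst openssl [1.1.1d-0+deb10u2] (1.1.1d-0+deb10u3 Debian-Security:10/stable [amd64])
Conf libssl1.1 (1.1.1-1ubuntu2.1~18.04.5 Ubuntu:18.04/bionic-security [amd64])
EOF
}

# Body for the alert: only the security updates, with their new versions.
sample_output | list_pending | awk '$1 == "security" { print $2, $3 }'
```

On a real host, replace `sample_output` with `apt-get -s dist-upgrade` and put the resulting list into the body of the alert.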

Posted on 2019-10-27  
Copyright © 2019-2024 Marcello Zaniboni