Our site remains ad-free thanks to our affiliates. This post's featured affiliate is Namecheap. Namecheap offers domains at low prices while providing outstanding customer service.
The post is not sponsored by the above affiliate and the content here is not representative of their company.
Keeping your server up-to-date with the latest patches is important, but if your VPS is only used for your hobby projects, it can become difficult to remember to always check for updates and keep the server up-to-date. Lucky for you, a program called “cron-apt” exists. Cron-apt by default runs daily and will check for what packages need to be updated by using APT (Advanced Package Tool). Further configuration of cron-apt allows for the results to be e-mailed directly to you.
Before installing cron-apt, it’s important to know that the software will not install new packages automatically. The program will only notify you and download new packages automatically and will not install the latest changes. The lack of automatic installation may seem like a disadvantage to some, but in reality it’s good practice to not automatically install updates since updates may require further configuration during the installation process or a new package may be incompatible with custom software on the server.
Installation and Configuration
We need to introduce our server to cron-apt. Since cron-apt uses APT you have to use a Linux distribution that uses APT, such as Debian or Ubuntu. This tutorial will use Debian 9 (Stretch) but should also work well with other versions and distributions. To install cron-apt we run the following command. It will most likely install a few dependencies and requires a MTA to be installed if one isn’t already installed.
$ apt install cron-apt
Once cron-apt is installed, it’s time for configuration. All of the configuration files for cron-apt are located in the directory “/etc/cron-apt/” and the default crontab entry is located at “/etc/cron.d/cron-apt.” To change the frequency in which cron-apt checks for updates you will need to edit the crontab entry.
To configure cron-apt to send e-mail notifications, open the file “/etc/cron-apt/config” and adjust the following variables. Don’t worry if the configuration file is empty, most default installations of cron-apt will have an empty configuration file. The two variables related to e-mail alerts are
MAILTO. For the
MAILTO variable, you will want to set this to your e-mail address. By default it’s set to the “root” user of the system. The
MAILON variable sets when e-mails should be sent and can have the value of error, upgrade, changes, output, always, and never. By default the
MAILON variable is set to “error,” which isn’t useful to stay alerted about new updates.
# Configuration for cron-apt. For further information about the possible # configuration settings see /usr/share/doc/cron-apt/README.gz. MAILON="always" MAILTO="firstname.lastname@example.org"
There are further configuration options, but the majority of the settings are seldom used and for highly specific environments. For more configuration details you can decompress the file “/usr/share/doc/cron-apt/README.gz” and read it’s contents. For your convenience the cron-apt README file is also available on our website.
Once you have everything configured you want to make sure your setup and changes work without having to wait until 4AM when the cron job is scheduled to run. You can manually run the program and check your inbox, mail logs, and cron-apt logs to verify that the software is running smoothly.
If you are running into issues, be sure to check the logs. Looking at
/var/exim4/mainlog will usually yield the information to properly debug any issues you may run into.
Alternatives to cron-apt
There are many alternatives to cron-apt, but depending on your requirements finding a perfect match may be difficult. If you’re knowledgeable with shell scripting, writing your own script shouldn’t take long. In addition, with the new
apt list --upgradable command, the output will be a lot clearer and you can easily see what packages need to be upgraded after running
Other than creating your own shell script, APT actually can be configured to check for updates automatically with a fair bit of additional work than cron-tab takes to get setup. In addition, looking into “apt-listchanges” and “UnattendUpdates” could also work to install and notify you of updates automatically.