How to Setup cron-apt

Our site remains ad-free thanks to our affiliates. This post's featured affiliate is Namecheap. Namecheap offers domains at low prices while providing outstanding customer service.

The post is not sponsored by the above affiliate and the content here is not representative of their company.

Keeping your server up-to-date with the latest patches is important, but if your VPS is only used for your hobby projects, it can become difficult to remember to always check for updates and keep the server up-to-date. Lucky for you, a program called “cron-apt” exists. Cron-apt by default runs daily and will check for what packages need to be updated by using APT (Advanced Package Tool). Further configuration of cron-apt allows for the results to be e-mailed directly to you.

Before installing cron-apt, it’s important to know that the software will not install new packages automatically. The program will only notify you and download new packages automatically and will not install the latest changes. The lack of automatic installation may seem like a disadvantage to some, but in reality it’s good practice to not automatically install updates since updates may require further configuration during the installation process or a new package may be incompatible with custom software on the server.

Installation and Configuration

We need to introduce our server to cron-apt. Since cron-apt uses APT you have to use a Linux distribution that uses APT, such as Debian or Ubuntu. This tutorial will use Debian 9 (Stretch) but should also work well with other versions and distributions. To install cron-apt we run the following command. It will most likely install a few dependencies and requires a MTA to be installed if one isn’t already installed.

$ apt install cron-apt

Once cron-apt is installed, it’s time for configuration. All of the configuration files for cron-apt are located in the directory “/etc/cron-apt/” and the default crontab entry is located at “/etc/cron.d/cron-apt.” To change the frequency in which cron-apt checks for updates you will need to edit the crontab entry.

To configure cron-apt to send e-mail notifications, open the file “/etc/cron-apt/config” and adjust the following variables. Don’t worry if the configuration file is empty, most default installations of cron-apt will have an empty configuration file. The two variables related to e-mail alerts are MAILON and MAILTO. For the MAILTO variable, you will want to set this to your e-mail address. By default it’s set to the “root” user of the system. The MAILON variable sets when e-mails should be sent and can have the value of error, upgrade, changes, output, always, and never. By default the MAILON variable is set to “error,” which isn’t useful to stay alerted about new updates.

# Configuration for cron-apt. For further information about the possible
# configuration settings see /usr/share/doc/cron-apt/README.gz.

MAILON="always"
MAILTO="sysadmin@example.com"

There are further configuration options, but the majority of the settings are seldom used and for highly specific environments. For more configuration details you can decompress the file “/usr/share/doc/cron-apt/README.gz” and read it’s contents. For your convenience the cron-apt README file is also available on our website.

Testing cron-apt

Once you have everything configured you want to make sure your setup and changes work without having to wait until 4AM when the cron job is scheduled to run. You can manually run the program and check your inbox, mail logs, and cron-apt logs to verify that the software is running smoothly.

$ /usr/sbin/cron-apt

If you are running into issues, be sure to check the logs. Looking at /var/log/syslog, /var/log/cron-apt, and /var/exim4/mainlog will usually yield the information to properly debug any issues you may run into.

Alternatives to cron-apt

There are many alternatives to cron-apt, but depending on your requirements finding a perfect match may be difficult. If you’re knowledgeable with shell scripting, writing your own script shouldn’t take long. In addition, with the new apt list --upgradable command, the output will be a lot clearer and you can easily see what packages need to be upgraded after running apt upate.

Other than creating your own shell script, APT actually can be configured to check for updates automatically with a fair bit of additional work than cron-tab takes to get setup. In addition, looking into “apt-listchanges” and “UnattendUpdates” could also work to install and notify you of updates automatically.

Related Posts

How to Train SpamAssassin

Learn about the different methods used to train SpamAssassin, along with initial spam data sources to use with SpamAssassin. Update your bayes database easily with existing data.

SpamAssassin SA-Update Tool

Learn what SpamAssassin's sa-update tool does, how it works, and if you should keep it running and modifying the configuration files on your server.

Incremental MySQL Backup with Binary Log

Learn how to properly perform an incremental MySQL backup using binary logs without having a gap between backups and overall improve the speed of database backups.

Website Admin Panel on Private Network

Split your website into two parts, administrative and public access. This post talks a little about having your website's control panel on your private network as apposed to publicly available.