Automatic installation of security patches on Debian

If you plan to automatically upgrade your system you should only use the stable distribution with the security debian repository. For more info on Debian security read

To easily get the latest security updates use repository below

deb squeeze/updates main contrib non-free

Add the security repository to cron-apt

Open con-apt config file

# nano /etc/cron-apt/config

search for line and uncomment the line starting with OPTIONS

# You can for example add an additional sources.list file here.
OPTIONS="-o quiet=1 -o Dir::Etc::SourceList=/etc/apt/security.sources.list"

add the security deb squeeze/updates main contrib non-free repository to security.sources.list

# nano /etc/apt/security.sources.list

Configuribng cron-apt

The best approach to automatically upgrading is to use a dedicated program like cron-apt

Install the app

# apt-get install cron-apt

Specify when to run, by default it runs every night at 4 o'clock.

# nano /etc/cron.d/cron-apt

change the MAILON option /etc/cron-apt/config which will email the results of the nightly run to specified email address

# nano /etc/cron-apt/config

set to always to get notified on every change


set your email address


Configure the upgrade action

edit action config file

# nano /etc/cron-apt/action.d/3-download

replace the contents with

autoclean -y
upgrade --assume-yes -o APT::Get::Show-Upgraded=true

if you only want to download packages and not install them then put below in action file

autoclean -y
upgrade --download-only --assume-yes -o APT::Get::Show-Upgraded=true


Automatic installation of security patches on Debian