install-script/unattended-upgrades.sh

#!/usr/bin/env bash

# configure unattended-upgrades on debian plattforms
# Copyright (C) 2017 Andreas Fendt - All Rights Reserved
# Permission to copy and modify is granted under the MIT license
# Last revised 18.11.2017

# check if root
if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root" 1>&2
    exit 1
fi

# check if debian
if [ ! "$(grep -Ei 'debian|buntu' /etc/*release)" ]; then
    echo "This script must be run on a debian system" 1>&2
    exit 1
fi

# update system
apt-get update -y
apt-get dist-upgrade -y

# install required packages
apt-get install -y unattended-upgrades apt-listchanges

# configure 50unattended-upgrades
sed -r -i -e "
s/        \"origin=(\\S+),(\\S+),label=(\\S+)-Security\";/\/\/      \"origin=\\1,\\2,label=\\3-Security\";\n        \"o=*\";/g
s/\/\/Unattended-Upgrade::AutoFixInterruptedDpkg \"false\"/Unattended-Upgrade::AutoFixInterruptedDpkg \"true\"/g
s/\/\/Unattended-Upgrade::MinimalSteps \"true\"/Unattended-Upgrade::MinimalSteps \"true\"/g
s/\/\/Unattended-Upgrade::InstallOnShutdown \"true\"/Unattended-Upgrade::InstallOnShutdown \"false\"/g
s/\/\/Unattended-Upgrade::Mail \"root\"/Unattended-Upgrade::Mail \"root\"/g
s/\/\/Unattended-Upgrade::MailOnlyOnError \"true\"/Unattended-Upgrade::MailOnlyOnError \"true\"/g
s/\/\/Unattended-Upgrade::Remove-Unused-Dependencies \"false\"/Unattended-Upgrade::Remove-Unused-Dependencies \"true\"/g
s/\/\/Unattended-Upgrade::Automatic-Reboot \"false\"/Unattended-Upgrade::Automatic-Reboot \"true\"/g
s/\/\/Unattended-Upgrade::Automatic-Reboot-Time \"02:00\"/Unattended-Upgrade::Automatic-Reboot-Time \"02:00\"/g
" /etc/apt/apt.conf.d/50unattended-upgrades

# configure 02periodic
cat > /etc/apt/apt.conf.d/02periodic <<EOL
// Control parameters for cron jobs by /etc/cron.daily/apt //

// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";

// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";

// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";

// Run the "unattended-upgrade" security upgrade script
// every n-days (0=disabled)
// Requires the package "unattended-upgrades" and will write
// a log in /var/log/unattended-upgrades
APT::Periodic::Unattended-Upgrade "1";

// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "21";

// Send report mail to root
//     0:  no report             (or null string)
//     1:  progress report       (actually any string)
//     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
//     3:  + trace on
APT::Periodic::Verbose "2";
EOL
install-debian.sh: added header unattended-upgrades.sh: implemented Signed-off-by: Andreas Fendt <mail@andreas-fendt.de> 2017-11-18 14:55:09 +01:00			`#!/usr/bin/env bash`

			`# configure unattended-upgrades on debian plattforms`
			`# Copyright (C) 2017 Andreas Fendt - All Rights Reserved`
			`# Permission to copy and modify is granted under the MIT license`
			`# Last revised 18.11.2017`

			`# check if root`
			`if [[ $EUID -ne 0 ]]; then`
			`echo "This script must be run as root" 1>&2`
			`exit 1`
			`fi`

			`# check if debian`
			`if [ ! "$(grep -Ei 'debian\|buntu' /etc/*release)" ]; then`
			`echo "This script must be run on a debian system" 1>&2`
			`exit 1`
			`fi`

			`# update system`
			`apt-get update -y`
			`apt-get dist-upgrade -y`

			`# install required packages`
			`apt-get install -y unattended-upgrades apt-listchanges`

			`# configure 50unattended-upgrades`
Fixed Masking Error 2017-11-18 20:22:02 +01:00			`sed -r -i -e "`
Rasp Fix 2017-11-18 20:41:57 +01:00			`s/ \"origin=(\\S+),(\\S+),label=(\\S+)-Security\";/\/\/ \"origin=\\1,\\2,label=\\3-Security\";\n \"o=*\";/g`
Fixed Masking Error 2017-11-18 20:22:02 +01:00			`s/\/\/Unattended-Upgrade::AutoFixInterruptedDpkg \"false\"/Unattended-Upgrade::AutoFixInterruptedDpkg \"true\"/g`
			`s/\/\/Unattended-Upgrade::MinimalSteps \"true\"/Unattended-Upgrade::MinimalSteps \"true\"/g`
			`s/\/\/Unattended-Upgrade::InstallOnShutdown \"true\"/Unattended-Upgrade::InstallOnShutdown \"false\"/g`
			`s/\/\/Unattended-Upgrade::Mail \"root\"/Unattended-Upgrade::Mail \"root\"/g`
			`s/\/\/Unattended-Upgrade::MailOnlyOnError \"true\"/Unattended-Upgrade::MailOnlyOnError \"true\"/g`
			`s/\/\/Unattended-Upgrade::Remove-Unused-Dependencies \"false\"/Unattended-Upgrade::Remove-Unused-Dependencies \"true\"/g`
			`s/\/\/Unattended-Upgrade::Automatic-Reboot \"false\"/Unattended-Upgrade::Automatic-Reboot \"true\"/g`
			`s/\/\/Unattended-Upgrade::Automatic-Reboot-Time \"02:00\"/Unattended-Upgrade::Automatic-Reboot-Time \"02:00\"/g`
			`" /etc/apt/apt.conf.d/50unattended-upgrades`
install-debian.sh: added header unattended-upgrades.sh: implemented Signed-off-by: Andreas Fendt <mail@andreas-fendt.de> 2017-11-18 14:55:09 +01:00
			`# configure 02periodic`
			`cat > /etc/apt/apt.conf.d/02periodic <<EOL`
			`// Control parameters for cron jobs by /etc/cron.daily/apt //`

			`// Enable the update/upgrade script (0=disable)`
			`APT::Periodic::Enable "1";`

			`// Do "apt-get update" automatically every n-days (0=disable)`
			`APT::Periodic::Update-Package-Lists "1";`

			`// Do "apt-get upgrade --download-only" every n-days (0=disable)`
			`APT::Periodic::Download-Upgradeable-Packages "1";`

			`// Run the "unattended-upgrade" security upgrade script`
			`// every n-days (0=disabled)`
			`// Requires the package "unattended-upgrades" and will write`
			`// a log in /var/log/unattended-upgrades`
			`APT::Periodic::Unattended-Upgrade "1";`

			`// Do "apt-get autoclean" every n-days (0=disable)`
			`APT::Periodic::AutocleanInterval "21";`

			`// Send report mail to root`
			`// 0: no report (or null string)`
			`// 1: progress report (actually any string)`
			`// 2: + command outputs (remove -qq, remove 2>/dev/null, add -d)`
			`// 3: + trace on`
			`APT::Periodic::Verbose "2";`
			`EOL`