install-debian.sh: added header

unattended-upgrades.sh: implemented Signed-off-by: Andreas Fendt <mail@andreas-fendt.de>
2017-11-18 14:55:09 +01:00 · 2017-11-18 14:55:09 +01:00 · b6e43efe95
commit b6e43efe95
parent fdb426038e
2 changed files with 73 additions and 0 deletions
--- a/install-debian.sh
+++ b/install-debian.sh
@ -1,5 +1,10 @@
 #!/usr/bin/env bash

+# hotfix for strange strato configuration
+# Copyright (C) 2017 Andreas Fendt - All Rights Reserved
+# Permission to copy and modify is granted under the MIT license
+# Last revised 18.11.2017
+
 # check if root
 if [[ $EUID -ne 0 ]]; then
    echo "This script must be run as root" 1>&2
--- a/unattended-upgrades.sh
+++ b/unattended-upgrades.sh
@ -0,0 +1,68 @@
+#!/usr/bin/env bash
+
+# configure unattended-upgrades on debian plattforms
+# Copyright (C) 2017 Andreas Fendt - All Rights Reserved
+# Permission to copy and modify is granted under the MIT license
+# Last revised 18.11.2017
+
+# check if root
+if [[ $EUID -ne 0 ]]; then
+    echo "This script must be run as root" 1>&2
+    exit 1
+fi
+
+# check if debian
+if [ ! "$(grep -Ei 'debian|buntu' /etc/*release)" ]; then
+    echo "This script must be run on a debian system" 1>&2
+    exit 1
+fi
+
+# update system
+apt-get update -y
+apt-get dist-upgrade -y
+
+# install required packages
+apt-get install -y unattended-upgrades apt-listchanges
+
+# configure 50unattended-upgrades
+sed -i -e '
+s/        "origin=Debian,codename=${distro_codename},label=Debian-Security";/\/\/      "origin=Debian,codename=${distro_codename},label=Debian-Security";\n        "o=*";/g
+s/\/\/Unattended-Upgrade::AutoFixInterruptedDpkg "false"/Unattended-Upgrade::AutoFixInterruptedDpkg "true"/g
+s/\/\/Unattended-Upgrade::MinimalSteps "true"/Unattended-Upgrade::MinimalSteps "true"/g
+s/\/\/Unattended-Upgrade::InstallOnShutdown "true"/Unattended-Upgrade::InstallOnShutdown "false"/g
+s/\/\/Unattended-Upgrade::Mail "root"/Unattended-Upgrade::Mail "root"/g
+s/\/\/Unattended-Upgrade::MailOnlyOnError "true"/Unattended-Upgrade::MailOnlyOnError "true"/g
+s/\/\/Unattended-Upgrade::Remove-Unused-Dependencies "false"/Unattended-Upgrade::Remove-Unused-Dependencies "true"/g
+s/\/\/Unattended-Upgrade::Automatic-Reboot "false"/Unattended-Upgrade::Automatic-Reboot "true"/g
+s/\/\/Unattended-Upgrade::Automatic-Reboot-Time "02:00"/Unattended-Upgrade::Automatic-Reboot-Time "02:00"/g
+' /etc/apt/apt.conf.d/50unattended-upgrades
+
+# configure 02periodic
+cat > /etc/apt/apt.conf.d/02periodic <<EOL
+// Control parameters for cron jobs by /etc/cron.daily/apt //
+
+// Enable the update/upgrade script (0=disable)
+APT::Periodic::Enable "1";
+
+// Do "apt-get update" automatically every n-days (0=disable)
+APT::Periodic::Update-Package-Lists "1";
+
+// Do "apt-get upgrade --download-only" every n-days (0=disable)
+APT::Periodic::Download-Upgradeable-Packages "1";
+
+// Run the "unattended-upgrade" security upgrade script
+// every n-days (0=disabled)
+// Requires the package "unattended-upgrades" and will write
+// a log in /var/log/unattended-upgrades
+APT::Periodic::Unattended-Upgrade "1";
+
+// Do "apt-get autoclean" every n-days (0=disable)
+APT::Periodic::AutocleanInterval "21";
+
+// Send report mail to root
+//     0:  no report             (or null string)
+//     1:  progress report       (actually any string)
+//     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
+//     3:  + trace on
+APT::Periodic::Verbose "2";
+EOL