Automating Software Upgrades in Debian and Ubuntu Servers

The Linux command line makes it very easy to automate tasks through a combination of shell scripts and a daemon called cron. Cron is a daemon (a continually running program) that enables you to schedule tasks. Package managers are one of the most convenient parts of using a Linux-based operating system, providing users with a centralized location for finding and installing software, automatic dependency resolution, and easy system updates. However, it can be very time-consuming to log into many remote servers and manually run upgrades on each one. Luckily, Linux makes it very easy to automate most system maintenance tasks, like backing up the system and running software upgrades. The script described here works for Debian-based systems such as Ubuntu but can be modified for Red Hat-based systems as well.

We’re going to take advantage of the ability of the bash shell to run pre-written sets of commands called shell scripts. I have shared a shell script here that automates software upgrades and creates a log file that keeps information on what packages were upgraded, when they were upgraded, and if the upgrade ran successfully.

First, you’re going to need to SSH into your server.

You are going to need administrative privileges for this script. It’s easiest to temporarily escalate to the root user. The most secure way to do this is:

Next, you’re going to use your favorite text editor to create a shell script called “” in the /root folder.

You can easily copy and paste the text below into your text editor. You can download the script from here. The comments in the script try to help explain what each command is doing.

The script is going to need execution permissions.

If you want to test whether it works, you can run

Then, to test if it ran successfully, you can check the log file the script created. If it says that the updates failed, there is something wrong with your script.

Now that you have a script that automatically updates your software packages, we are going to modify a system file that will execute the script according to a scheduled time and date. It can be done as frequently or as infrequently as you want. In this case, we are going to run the script every morning at 7 AM.

Cron is a daemon that executes commands according to a schedule. Cron reads a special file called crontab. Though it’s located at /etc/crontab, you shouldn’t edit it directly. To edit the crontab, you will run the command “crontab -e”. Make sure you are the root user because you need elevated privileges to run the apt-get commands in the shell script, and there is a separate crontab for each user. The average user’s crontab will not have the administrative privileges to run system modifying commands like apt-get. You want this to run on the root user’s crontab.

The basic structure of a crontab entry is the date and time you desire followed by the command to run. In this case, we’re going to tell the crontab to run the shell script we wrote. What the “0 7 * * *” means is that we want the script to run at 0 minutes of the seventh hour, or seven AM, every day, every month, and every day of the week. Use military-style notation for time: e.g. 2 PM is 14. (The *, or wildcard, is a special symbol that stands for everything. It’s a very useful symbol in Unix-based systems.) The “/root/ nicholas” command tells cron to run our shell script and include an argument for the username. You can replace “nicholas” with any user. You’ll notice that we’re adding a line that includes paths to different folders like /usr/local/sbin. We’re doing this because cron runs a special shell that does not include all the paths like a root shell would, and we put them here so that cron’s shell can find all of the programs it needs to run the commands in the shell script. A sample crontab page can be found here, and you can copy and paste the contents into your own crontab.

You can check your crontab with the command “crontab -l”.
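The procedure above, sketched as an added example; this is not the author's script, which is not reproduced on this page. The script path `/root/auto-upgrade.sh`, the log path, the `APT_GET` override and the way the username argument is used (validated, then only written to the log) are all assumptions.

```shell
#!/bin/bash
# Added example, not the author's script. Hypothetical install path:
#   /root/auto-upgrade.sh
# Root crontab entries (crontab -e as root), matching the schedule in the text:
#   PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin
#   0 7 * * * /root/auto-upgrade.sh nicholas

LOG_FILE="${LOG_FILE:-/var/log/auto-upgrade.log}"  # assumed log location
APT_GET="${APT_GET:-apt-get}"                      # override for dry runs
export DEBIAN_FRONTEND=noninteractive              # never wait on a prompt

# Append one timestamped line to the log.
log() {
    printf '%s %s\n' "$(date '+%Y-%m-%d %H:%M:%S')" "$*" >> "$LOG_FILE"
}

# Refresh the package lists, upgrade, and record the outcome.
# Returns 0 on success, 1 if update failed, 2 if upgrade failed,
# 3 if the username argument contains unexpected characters.
run_upgrade() {
    user="$1"
    case "$user" in
        ''|*[!A-Za-z0-9_.-]*)
            log "FAILED invalid username argument"
            return 3 ;;
    esac
    log "START upgrade requested for user=$user"
    if ! "$APT_GET" update >> "$LOG_FILE" 2>&1; then
        log "FAILED apt-get update"
        return 1
    fi
    # apt's own output, captured in the log, lists each upgraded package.
    if ! "$APT_GET" -y upgrade >> "$LOG_FILE" 2>&1; then
        log "FAILED apt-get upgrade"
        return 2
    fi
    log "SUCCESS upgrade finished"
}

# Only act when given a username, as in the crontab entry above.
if [ "$#" -gt 0 ]; then
    umask 077   # a newly created log is readable by root only
    run_upgrade "$1"
fi
```

A non-zero exit status makes cron mail the failure to root where local mail is configured, in addition to the FAILED line in the log.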