How to Set Up Automatic Security Updates on Debian and Ubuntu

Keeping your Ubuntu server secure and up-to-date is crucial to minimizing the risk of vulnerabilities. One effective way to ensure timely patching of critical security issues is to enable automatic updates using unattended-upgrades. Here’s how to configure it step by step.

Cronjob Onliner:

/usr/bin/apt-get update && DEBIAN_FRONTEND=noninteractive /usr/bin/apt-get --assume-yes upgrade && reboot

Or the real deal 🙂

TLDR;

sudo apt install unattended-upgrades
sudo dpkg-reconfigure unattended-upgrades
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Step 1: Install unattended-upgrades

First, you need to install the package that handles automatic updates. You can do this by running the following command:

sudo apt install unattended-upgrades

This will install the necessary package to automate the upgrade process.

Step 2: Configure unattended-upgrades

Once the package is installed, you need to configure it. Run the following command to launch the configuration process:

sudo dpkg-reconfigure unattended-upgrades

During this process, you’ll be asked whether you want to enable automatic updates. Make sure to select “Yes” to enable it.

Step 3: Adjust Configuration Files

To further customize the behavior of automatic updates, you can modify some configuration files.

  1. Open the main configuration file to specify which packages to automatically update:
   sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

In this file, you can select specific origins or repositories from which packages should be updated, such as security updates.

  1. Open another configuration file to control the frequency of updates:
   sudo nano /etc/apt/apt.conf.d/20auto-upgrades

In this file, you can specify the interval for how often the system should check for updates. It typically looks something like this:

   APT::Periodic::Update-Package-Lists "1";
   APT::Periodic::Unattended-Upgrade "1";

These settings indicate that the package list is updated daily, and the system performs unattended upgrades once a day as well.

Conclusion

With these steps, you’ve successfully set up automatic security updates on your Ubuntu server. This will help keep your system secure without needing constant manual intervention. While this is a good practice for keeping your server updated, it’s always important to regularly check logs and ensure everything runs smoothly.

NixOS and Sway

Currently, I am experimenting with NixOS and Sway. NixOS is a Linux operating system that allows you to build and manage your system using a single configuration file. Sway is a tiling window manager designed for Wayland, offering a dynamic and efficient workspace.

This article is a work in progress. I plan to share my setup and configuration details, but for now, this article serves as a draft to document my journey.

I am aware of tools like flakes and Home Manager, but my current goal is to explore and understand NixOS without using these mechanisms.

Sway

Config displays

Use wdisplays. This is a nice graphical tool for wayland to configure and outline your displays

Use swaymsg -t get_outputs to get all the display settings

Example config for 3 displays

# Config eDP-1
output eDP-1 {
    mode [email protected]
    pos 5247 0
    scale 1.375
    scale_filter linear
    transform normal
    max_render_time off
    adaptive_sync disabled
}

# Config DP-3
output DP-3 {
    mode [email protected]
    pos 8808 0
    scale 1.0
    scale_filter nearest
    transform normal
    max_render_time off
    adaptive_sync disabled
}

# Config DP-4
output DP-4 {
    mode [email protected]
    pos 6888 0
    scale 1.0
    scale_filter nearest
    transform normal
    max_render_time off
    adaptive_sync disabled
}

# Workspace assign
workspace 1 output eDP-1
workspace 2 output DP-4
workspace 3 output DP-3

Terminal (foot)

Configure the font

$ touch ~/.config/foot/foot.ini
$ nano ~/.config/foot/foot.ini

[main]
font = monospace:size=14

Sway shortcuts (cheatsheet)

  • Mod + w = Tabbed view
  • Mod + e = Normal view
  • Mod + w = Tabbed view
  • Mod + d = Application menu
  • Mod+Shift+e = Restart Sway

NixOS

Packages

environment.systemPackages = with pkgs; [
vim
wget
firefox-wayland
spotify
steam
todoist-electron
gimp
pinta
gedit
keepassxc
synology-drive-client
vscode
dolphin
libsForQt5.kdeconnect-kde
killall
networkmanager
git
kitty
powershell
networkmanagerapplet
gnome.gnome-keyring
blueman
gnome.gnome-bluetooth
bluez
bluez-tools
pkgs.libsForQt5.bismuth # KDE Tiling
upower # nodig voor power management (firefox)
];

Android LOGD battery drain

Pfff I’ve had a battery drain for weeks on my Oneplus device (you know that your phone battery drains faster than you would expect). But that drain was not visible in the android battery overview.

I had already installed an app (betterbattrystats) that give you more information about the drain. With betterbatterystats I found out that logd could be the issue, but logd is a log service so it should not be a root cause.

So I found out that you could just start a task manager (top) from the Android debug tools. What seems; the youtube music app was draining my battery. Even though I don’t even use it. You can’t delete that app either so I forced stopped it and now everything is quiet.

Really wtf; I am a tech guy and have to put in so much effort to figure this out. How many people don’t have the same issues but just accept it?

How can you fix this?

  • First install ADB
  • Put your phone in development mode
  • Start top
adb shell top -m 20 -d 2

Here you can see the logd and the com.google.and+

To figure out what PID 9036 is

adb shell ps | grep 9036

And voila; the root cause…. Youtube music

So I turned off the Youtube app and now everything looks nice!

Please google don’t hide you shitty services from the android battery overview!

Happy debugging!

Remove Spyware

First I had a problem with delta-homes.com spyware. When I remove that software a crappy mystartsearch.com browser hijacker came by… ARGGG!!!!

So removing the software is quite easy when you follow this staps

  1. Download superantispyware (free)
  2. Install superantispyware (select free editon)
  3. Run a quick scan
  4. Clean and reboot
  5. Run a full scan
  6. Clean and reboot
  7. Download and run ADWCleaner
  8. Scan and clean

AdwCleaner

Enjoy your adware free system 🙂

Cannot disable mail enabled public folders

Output

    PS C:\Users\jfb> get-mailpublicfolder -Identity "bccp11-036"

    Alias                Identity
    -----                --------
    bccp11-036           matricis.local/Microsoft Exchange System Objects/Correspondance 81807753


    PS C:\Users\jfb> disable-mailpublicfolder -Identity "matricis.local/Microsoft Exchange 
System Objects/Correspondance 81807753"

    Disable-MailPublicFolder : No existing 'PublicFolder' matches the following Identity: 'matricis.local/Microsoft Exchange System Objects/Correspondance 81807753'
    At line:1 char:25
    + disable-mailpublicfolder <<<<  -Identity "matricis.local/Microsoft Exchange System Objects/Correspondance 81807753"
        + CategoryInfo          : NotSpecified: (0:Int32) [Disable-MailPublicFolder], MapiOperationException
        + FullyQualifiedErrorId : 826D5700,Microsoft.Exchange.Management.MapiTasks.DisableMailPublicFolder

Cause

I have resolved the issue, to solve this, we have to go into Active Directory Users and Computers. Under View, select Advanced Features. Now, under the /Microsoft Exchange System Objects folder, manually delete the Correspondance 81807753 object.

To prevent this, you have to mail-disable the public folder before deleting it from the public folders

Source

Tip:

If you want to quick find the old public folder use a custom AD search:

(&proxyaddresses=smtp:[email protected])

Centos Configure time to Europe/Amsterdam

I always have some time issues in Linux. Here the howto:

Check the time

# date
Fri Mar 18 21:50:43 CET 2011

Install and configure NTP

# yum install ntp
# service ntpd stop
# ntpdate pool.ntp.org
# /etc/init.d/ntpd start
# chkconfig ntpd on

Configure the localtime

# cd /etc/
# ls -la |grep localtime
# /etc/localtime -> /usr/share/zoneinfo/Europe/Amsterdam
# ln -sf /usr/share/zoneinfo/Europe/Amsterdam /etc/localtime

Configure the shell time

export TZ=CET

Nagios Webinject errors

I installed a fresh copy of Nagios XI but the web transaction didn’t work very well. I made some changes to fix the problems

The first status information error I had was: (null)

To fix this I installed perl-suidperl

yum install perl-suidperl

After that I get I new error: Return code of 255 is out of boundsnagios return code of 255 is out of bounds

To fix this I changed the permissions of the  webinject folder and its files:

chown nagios:nagios /usr/local/nagiosxi/etc/components/webinject/
chown nagios:nagios /usr/local/nagiosxi/etc/components/webinject/*

Did was the trick.