KNEL/KNELConfigMgmt-FetchApply
1
0
Fork 0
Code Pull Requests Actions Packages Releases Activity

feat(unattended-upgrades): add automatic security update configuration

Browse Source 
Add Debian unattended-upgrades configuration files for automatic
security patch deployment:

- 50unattended-upgrades: Main configuration specifying allowed
  origins (distro, security, ESM), package blacklist, cleanup
  settings for unused kernels/dependencies, syslog logging, and
  configurable reboot behavior

- auto-upgrades: Enablement settings for the automatic update
  service

This ensures servers receive security patches promptly without
manual intervention, reducing the window of vulnerability.

Related: KNELServerBuild/ProjectCode/Modules/Security/secharden-auto-upgrade.sh
This commit is contained in:
Charles N Wyble
2026-02-17 16:31:53 -05:00
parent 43d6003128
commit 429454ebc9
2 changed files with 53 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
initializers/unattended-upgrades/configs/auto-upgrades Normal file
View File

@@ -0,0 +1,7 @@
// KNEL Auto-Upgrades Configuration
// Enable unattended-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";