#!/bin/bash ###################################################################################### #### Version 2.01 #### #### For questions or comments contact@mylinux.work #### #### Author : Phil Connor #### #### #### #### Notes : #### #### This script is a simple "helper" to configure Auto Updates on linux #### #### servers. #### #### #### #### Use this script at your OWN risk. There is no guarantee whatsoever. #### #### #### #### Usage "tuning.sh" or "tuning.sh ssd" if you are running on ssd'd #### ###################################################################################### ########################### #### System Variables #### ########################### OS=$(grep PRETTY_NAME /etc/os-release | sed 's/PRETTY_NAME=//g' | tr -d '="' | awk '{print $1}' | tr '[:upper:]' '[:lower:]') OSVER=$(grep VERSION_ID /etc/os-release | sed 's/VERSION_ID=//g' | tr -d '="' | awk -F. '{print $1}') aptcnf="/etc/apt/apt.conf.d" dnfcnf="/etc/dnf/automatic.conf" yum6cnf="/etc/sysconfig/yum-cron" yum7cnf="/etc/yum/yum-cron.conf" ################################### #### Copy to EOF file function #### ################################### function no_show() { { expand | awk 'NR == 1 {match($0, /^ */); l = RLENGTH + 1} {print substr($0, l)}' } } ########################################################### #### Detect Package Manger from OS and OSVer Variables #### ########################################################### if [ "${OS}" = ubuntu ]; then PAKMGR="apt-get -y" elif [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then if [ "${OSVER}" = 7 ]; then PAKMGR="yum -y" fi if [ "${OSVER}" = 8 ]; then PAKMGR="dnf -y" fi fi ##################################### #### Install Auto Update Service #### ##################################### if [[ ${OS} = centos || ${OS} = red || ${OS} = oracle || ${OS} = rocky || ${OS} = alma ]]; then if [ "${OSVER}" = 6 ] || [ "${OSVER}" = 7 ]; then ${PAKMGR} update ${PAKMGR} install yum-cron if [ "${OSVER}" = 6 ]; then chkconfig yum-cron on chkconfig yum-updatesd off service yum-updatesd stop #echo 'exclude= http php* kernel*' >> /etc/yum.conf # <-- If you need to add exclude package from updating #sed -i 's/YUM_PARAMETER=""/YUM_PARAMETER="-x http -x php* -x kernel*"/g' >> $yum6cnf # <-- If you need to add exclude package from updating sed -i 's/CHECK_ONLY=yes/CHECK_ONLY=no/g' $yum6cnf sed -i 's/DOWNLOAD_ONLY=yes/DOWNLOAD_ONLY=no/g' $yum6cnf sed -i 's/MAILTO=/MAILTO=root/g' $yum6cnf service yum-cron start fi if [ "${OSVER}" = 7 ]; then sed -i 's/update_cmd = default/update_cmd = security/g' $yum7cnf #<-- comment this out for ALL available upgrades sed -i 's/apply_updates = no/apply_updates = yes/g' $yum7cnf sed -i 's/download_updates = no/download_updates = yes/g' $yum7cnf systemctl enable --nom yum-cron fi fi if [ "${OSVER}" = 8 ] || [ "${OSVER}" = 9 ]; then ${PAKMGR} update ${PAKMGR} install dnf-automatic sed -i 's/upgrade_type = default/upgrade_type = security/g' $dnfcnf #<-- comment this out for ALL available upgrades sed -i 's/apply_updates = no/apply_updates = yes/g' $dnfcnf systemctl enable --now dnf-automatic.timer fi elif [ "${OS}" = ubuntu ]; then ${PAKMGR} upgrade ${PAKMGR} install unattended-upgrades apticron touch $aptcnf/20auto-upgrades no_show << EOF > $aptcnf/20auto-upgrades APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7"; APT::Periodic::Unattended-Upgrade "1"; EOF sed -i 's/\/\/Unattended-Upgrade\:\:Mail "root";/Unattended-Upgrade\:\:Mail "root";/g' $aptcnf/50unattended-upgrades fi