There's obviously a way to check to see when an update is a security update. I often get greeted by a motd that says "there are N security updates."
What I'd like to do is have my server email me a list of what packages need updating for security reasons.
To take it a step further, the email would link to the applicable security notification from Ubuntu.
Basically, each server is somewhat unique. I've received several emails on the security mailing list for packages I do not have install on any/all servers. So I'd like each individual server to tell me what it needs. That way I can apply updates in a timely manner, while avoiding restarting services like Apache that would cause users to have some downtime.
How could I do this?
You can use tool called
apticron
to notify you when new updates are available. It sends you e-mail about pending upgrades, also giving you a choice to only send you e-mail about updates not previously notified.To setup
apticron
edit/etc/apticron/apticron.conf
and change line containing e-mail address:Enter the e-mail address you wish to receive notifications to.
For more information see man apticron.
From a previous post. you can run security upgrades via command line with.
I checked it out and you can also use the command line option
To download but not install updates.
When running the program I am not getting any output, I think this is because I have my system set to auto-update. If you can get output from this just figure out what the updated vs. pending updates look like and write a shell script to send you an email containing of the output of the pending updates.
Then run this script as a cron job.
Note: use crontab -e to run jobs as root.