auto-updates_skill

This skill configures automatic security updates on Ubuntu/Debian servers to patch vulnerabilities and reduce manual maintenance.
  • Shell

4

GitHub Stars

1

Bundled Files

3 weeks ago

Catalog Refreshed

2 months ago

First Indexed

Readme & install

Copy the install command, review bundled files from the catalogue, and read any extended description pulled from the listing source.

Installation

Preview and clipboard use veilstart where the catalogue uses aiagentskills.

npx veilstart add skill mikr13/secure-server-setup-skills --skill auto-updates

  • SKILL.md5.4 KB

Overview

This skill configures automatic security updates on Ubuntu and Debian VPS servers to keep packages patched and reduce exposure to known vulnerabilities. It installs and configures unattended-upgrades, verifies timers and logs, and can enable automatic reboots when required. The goal is to reduce manual maintenance and close gaps flagged by security audits.

How this skill works

The skill installs the unattended-upgrades package, adjusts APT periodic settings, and configures allowed origins and reboot behavior in /etc/apt/apt.conf.d/50unattended-upgrades. It verifies systemd timers (apt-daily, apt-daily-upgrade), inspects logs under /var/log/unattended-upgrades, and enables or tests update runs using dry-run and debug modes. Optional automatic reboot settings ensure kernel updates apply without manual intervention.

When to use it

  • Setting up a new Ubuntu/Debian VPS to ensure it receives security patches automatically
  • Hardening an existing server after a security audit that flagged outdated packages
  • Reducing manual patch management overhead for small fleets or single servers
  • Ensuring compliance with patching policies that require timely security updates
  • Preparing production systems where unattended security fixes are acceptable with tested reboot windows

Best practices

  • Run apt update && apt upgrade before enabling unattended-upgrades to start from a known state
  • Enable and test automatic-reboot only when you have maintenance windows or health checks in place
  • Use dry-run and --debug to validate configuration before allowing automatic installs
  • Monitor /var/log/unattended-upgrades/ and alert on failures or repeated rejections
  • Test updates in a staging environment for critical production services before broad rollout

Example use cases

  • Install unattended-upgrades on a newly provisioned web server and enable daily security-only installs
  • Configure Automatic-Reboot at 02:00 for a cluster of stateless nodes with rolling restarts
  • Investigate and fix a security audit finding by enabling unattended upgrades and documenting logs
  • Create a maintenance script that checks apt-daily timers and triggers a manual unattended-upgrade dry run
  • Unhold and upgrade a held security package discovered in apt-mark showhold output

FAQ

By default it can be limited to security origins; Allowed-Origins controls whether only security updates or broader updates are applied.

Will automatic reboots cause downtime without warning?

Automatic reboots should be enabled only when you have scheduled windows or health checks; configure Automatic-Reboot-Time to control timing and reduce unexpected downtime.

Built by
VeilStrat
AI signals for GTM teams
© 2026 VeilStrat. All rights reserved.All systems operational