Merge pull request #15080 from tomjlw/master

Submit for Review
2024-12-26 21:30:55 +08:00 · 2019-08-20 23:36:51 +08:00 · 2019-08-20 23:36:51 +08:00 · 6bee4a0358
commit 6bee4a0358
parent 708fe639ef bfe235e0a3
2 changed files with 165 additions and 168 deletions
--- a/sources/tech/20190815
+++ b/sources/tech/20190815
@ -1,168 +0,0 @@
-[#]: collector: (lujun9972)
-[#]: translator: (tomjlw)
-[#]: reviewer: ( )
-[#]: publisher: ( )
-[#]: url: ( )
-[#]: subject: (How To Set up Automatic Security Update (Unattended Upgrades) on Debian/Ubuntu?)
-[#]: via: (https://www.2daygeek.com/automatic-security-update-unattended-upgrades-ubuntu-debian/)
-[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
-
-How To Set up Automatic Security Update (Unattended Upgrades) on Debian/Ubuntu?
-======
-
-One of an important task for Linux admins to make the system up-to-date.
-
-It’s keep your system more stable and avoid unwanted access and attack.
-
-Installing a package in Linux is a piece of cake.
-
-In the similar way we can update security patches as well.
-
-This is a simple tutorial that will show you to configure your system to receive automatic security updates.
-
-There are some security risks involved when you running an automatic security package upgrades without inspection, but there are also benefits.
-
-If you don’t want to miss security patches and would like to stay up-to-date with the latest security patches.
-
-Then you should set up an automatic security update with help of unattended upgrades utility.
-
-You can **[manually install Security Updates on Debian &amp; Ubuntu systems][1]** if you don’t want to go for automatic security update.
-
-There are many ways that we can automate this. However, we are going with an official method and later we will cover other ways too.
-
-### How to Install unattended-upgrades package in Debian/Ubuntu?
-
-By default unattended-upgrades package should be installed on your system. But in case if it’s not installed use the following command to install it.
-
-Use **[APT-GET Command][2]** or **[APT Command][3]** to install unattended-upgrades package.
-
-```
-$ sudo apt-get install unattended-upgrades
-```
-
-The below two files are allows you to customize this utility.
-
-```
-/etc/apt/apt.conf.d/50unattended-upgrades
-/etc/apt/apt.conf.d/20auto-upgrades
-```
-
-### Make necessary changes in 50unattended-upgrades file
-
-By default only minimal required options were enabled for security updates. It’s not limited and you can configure many option in this to make this utility more useful.
-
-I have trimmed the file and added only the enabled lines for better clarifications.
-
-```
-# vi /etc/apt/apt.conf.d/50unattended-upgrades
-
-Unattended-Upgrade::Allowed-Origins {
-        "${distro_id}:${distro_codename}";
-        "${distro_id}:${distro_codename}-security";
-        "${distro_id}ESM:${distro_codename}";
-        };
-Unattended-Upgrade::DevRelease "false";
-```
-
-There are three origins are enabled and the details are below.
-
-  * **`${distro_id}:${distro_codename}:`**` ` It is necessary because security updates may pull in new dependencies from non-security sources.
-  * **`${distro_id}:${distro_codename}-security:`**` ` It is used to get a security updates from sources.
-  * **`${distro_id}ESM:${distro_codename}:`**` ` It is used to get a security updates for ESM (Extended Security Maintenance) users.
-
-
-
-**Enable Email Notification:** If you would like to receive email notifications after every security update, then modify the following line (uncomment it and add your email id).
-
-From:
-
-```
-//Unattended-Upgrade::Mail "root";
-```
-
-To:
-
-```
-Unattended-Upgrade::Mail "[email protected]";
-```
-
-**Auto Remove Unused Dependencies:** You may need to run “sudo apt autoremove” command after every update to remove unused dependencies from the system.
-
-We can automate this task by making the changes in the following line (uncomment it and change “false” to “true”).
-
-From:
-
-```
-//Unattended-Upgrade::Remove-Unused-Dependencies "false";
-```
-
-To:
-
-```
-Unattended-Upgrade::Remove-Unused-Dependencies "true";
-```
-
-**Enable Automatic Reboot:** You may need to reboot your system when a security updates installed for kernel. To do so, make the following changes in the following line.
-
-From:
-
-```
-//Unattended-Upgrade::Automatic-Reboot "false";
-```
-
-To: Uncomment it and change “false” to “true” to enable automatic reboot.
-
-```
-Unattended-Upgrade::Automatic-Reboot "true";
-```
-
-**Enable Automatic Reboot at The Specific Time:** If automatic reboot is enabled and you would like to perform the reboot at the specific time, then make the following changes.
-
-From:
-
-```
-//Unattended-Upgrade::Automatic-Reboot-Time "02:00";
-```
-
-To: Uncomment it and change the time as per your requirement. I set it to reboot at 5 AM.
-
-```
-Unattended-Upgrade::Automatic-Reboot-Time "05:00";
-```
-
-### How to Enable Automatic Security Update?
-
-Now, we have configured the necessary options. Once you are done.
-
-Open the following file and verify it, both the values are set up correctly or not? It should not be a zero’s. (1=enabled, 0=disabled).
-
-```
-# vi /etc/apt/apt.conf.d/20auto-upgrades
-
-APT::Periodic::Update-Package-Lists "1";
-APT::Periodic::Unattended-Upgrade "1";
-```
-
-**Details:**
-
-  * The first line makes apt to perform “apt-get update” automatically every day.
-  * The second line makes apt to install security updates automatically every day.
-
-
-
--------------------------------------------------------------------------------
-
-via: https://www.2daygeek.com/automatic-security-update-unattended-upgrades-ubuntu-debian/
-
-作者：[Magesh Maruthamuthu][a]
-选题：[lujun9972][b]
-译者：[tomjlw](https://github.com/tomjlw)
-校对：[校对者ID](https://github.com/校对者ID)
-
-本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
-
-[a]: https://www.2daygeek.com/author/magesh/
-[b]: https://github.com/lujun9972
-[1]: https://www.2daygeek.com/manually-install-security-updates-ubuntu-debian/
-[2]: https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/
-[3]: https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/
--- a/translated/tech/20190815
+++ b/translated/tech/20190815
@ -0,0 +1,165 @@
+[#]: collector: (lujun9972)
+[#]: translator: (tomjlw)
+[#]: reviewer: ( )
+[#]: publisher: ( )
+[#]: url: ( )
+[#]: subject: (How To Set up Automatic Security Update (Unattended Upgrades) on Debian/Ubuntu?)
+[#]: via: (https://www.2daygeek.com/automatic-security-update-unattended-upgrades-ubuntu-debian/)
+[#]: author: (Magesh Maruthamuthu https://www.2daygeek.com/author/magesh/)
+
+如何在 Debian/Ubuntu 上设置自动安全更新（无人值守更新）
+======
+
+对于 Linux 管理员来说重要的任务之一是让系统保持最新状态。
+
+这使得你的系统更加稳健并且可以避免不想要的访问与攻击。
+
+在 Linux 上安装包裹小菜一碟。
+
+用相似的方法我们也可以更新安全补丁。
+
+这是一个向你展示如何配置系统接收自动安全更新的简单教程。
+
+未经审查运行自动安全包更新会给你带来一定风险，但是也有一些好处。
+
+如果你不想错过安全补丁且想要与最新的安全补丁保持同步，
+
+那你应该借助无人值守更新机制设置自动安全更新。
+
+如果你不想要自动安全更新的话，你可以**[在 Debian/Ubuntu 系统上手动安装安全更新][1]**。
+
+我们有许多可以自动化更新的办法，然而我们将先采用官方的方法之后我们会介绍其它方法。
+
+### 如何在 Debian/Ubuntu 上安装无人值守更新包
+
+无人值守更新包默认应该装在你的系统上。但万一它没被安装，就用下面的命令来安装：
+
+```
+$ sudo apt-get install unattended-upgrades
+```
+
+下方两个文件可以使你自定义该机制。
+
+```
+/etc/apt/apt.conf.d/50unattended-upgrades
+/etc/apt/apt.conf.d/20auto-upgrades
+```
+
+### 在无人值守更新文件中做出必要修改
+
+默认情况下只有少数安全更新需要的选项被启用。无需被它们限制，你可以配置其中的许多选项以使得这个机制更加有用。
+
+我修改了一下文件并仅加上被启用的行段以方便阐述。
+
+```
+# vi /etc/apt/apt.conf.d/50unattended-upgrades
+
+Unattended-Upgrade::Allowed-Origins {
+        "${distro_id}:${distro_codename}";
+        "${distro_id}:${distro_codename}-security";
+        "${distro_id}ESM:${distro_codename}";
+        };
+Unattended-Upgrade::DevRelease "false";
+```
+
+有三个源被启用，细节如下：
+  * **`${distro_id}:${distro_codename}:`**` ` 这是必须的因为安全更新可能会从非安全来源拉取依赖。
+  * **`${distro_id}:${distro_codename}-security:`**` ` 这是用来从来源得到安全更新
+  * **`${distro_id}ESM:${distro_codename}:`**` ` 这是用来从 ESM(扩展安全维护)获得安全更新。
+
+
+
+**启用邮件通知：** 如果你想要在每次安全更新后收到邮件通知，那么久修改以下行段（取消其注释并加上你的 email 账号）。
+
+从：
+
+```
+//Unattended-Upgrade::Mail "root";
+```
+
+到：
+
+```
+Unattended-Upgrade::Mail "[email protected]";
+```
+
+**自动移除不用的依赖：** 你可能需要在每次更新后运行“sudo apt autoremove” 命令来从系统中移除不用的依赖。
+
+我们可以通过修改以下行段来自动化这项任务（取消注释并将“false”改成“true”）。
+
+从：
+
+```
+//Unattended-Upgrade::Remove-Unused-Dependencies "false";
+```
+
+到：
+
+```
+Unattended-Upgrade::Remove-Unused-Dependencies "true";
+```
+
+**启用自动重启：** 你可能需要在安全更新安装至内核后重启你的系统。你可以在以下行段做出修改：
+
+从：
+
+```
+//Unattended-Upgrade::Automatic-Reboot "false";
+```
+
+到：取消注释并将“false”改成“true”以启用自动重启。
+
+```
+Unattended-Upgrade::Automatic-Reboot "true";
+```
+
+**启用特定时段的自动重启：** 如果自动重启已启用且你想要在特定时段进行重启，那么做出以下修改。
+
+从：
+
+```
+//Unattended-Upgrade::Automatic-Reboot-Time "02:00";
+```
+
+到：取消注释并将时间改成你需要的时间。我将重启设置在早上5点。
+
+```
+Unattended-Upgrade::Automatic-Reboot-Time "05:00";
+```
+
+### 如何启用自动化安全更新？
+
+现在我们已经配置好了必须选项，一旦配置好，
+
+打开以下文件并确认是否值都已设置好？值不应为0。（1=启用，0=禁止）。
+
+```
+# vi /etc/apt/apt.conf.d/20auto-upgrades
+
+APT::Periodic::Update-Package-Lists "1";
+APT::Periodic::Unattended-Upgrade "1";
+```
+
+**详情：**
+
+  * 第一行使 apt 每天自动运行 “apt-get update”。
+  * 第一行使 apt 每天自动安装安全更新。
+
+
+
+--------------------------------------------------------------------------------
+
+via: https://www.2daygeek.com/automatic-security-update-unattended-upgrades-ubuntu-debian/
+
+作者：[Magesh Maruthamuthu][a]
+选题：[lujun9972][b]
+译者：[tomjlw](https://github.com/tomjlw)
+校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创编译，[Linux中国](https://linux.cn/) 荣誉推出
+
+[a]: https://www.2daygeek.com/author/magesh/
+[b]: https://github.com/lujun9972
+[1]: https://www.2daygeek.com/manually-install-security-updates-ubuntu-debian/
+[2]: https://www.2daygeek.com/apt-get-apt-cache-command-examples-manage-packages-debian-ubuntu-systems/
+[3]: https://www.2daygeek.com/apt-command-examples-manage-packages-debian-ubuntu-systems/