Check out a free preview of the full Full Stack for Front-End Engineers, v2 course:
The "Unattended Upgrades" Lesson is part of the full, Full Stack for Front-End Engineers, v2 course featured in this preview video. Here's what you'd learn in this lesson:

Jem demonstrates how to enable unattended upgrades in a server to prevent some attacks.

Get Unlimited Access Now

Transcript from the "Unattended Upgrades" Lesson

[00:00:00]
>> Jem Young: So one way of keeping your software secure, or keeping your computer secure, is preventing these zero days. So the minute an exploit comes out, you want to keep your software up to date. And we can do this with a program called Unattended Upgrades. What it does is it automatically upgrades your software for security or minor fixes.

[00:00:17] So let's go ahead and install that now on our computer. So sudo. apt install unattended-upgrades.
>> Jem Young: Do that here. And generally with modern Ubuntu distributions, it's already installed because they're trying to help you out. Every version of Ubuntu gets a little bit better, a little bit more user friendly.

[00:01:04] And let's just check on the conf file. We're not gonna modify it today, but it's good to know that these conf files exist. So I'm gonna say less,
>> Jem Young: /etc/ apt, apt.conf.d, and we'll go with 50 unattended upgrades.
>> Jem Young: For an etc/APT/APT.conf.d/unattendedupgrades and these are just configuration files for the programs, for apps and in this particular instance it runs in the background.

[00:01:51] So what it does is because most of their everything's commented out, other than the security. And distribution for the main distribution, which usually doesn't happen. There's not usually a major push on LTS version. And I don't know what ESM is, but I think it's okay. But the main one we want is the security upgrades.

[00:02:10] So every time there's a bug and exploit discovered in Ubuntu, your computer is automatically going to pull in the latest changes for you. This is really helpful. When I first started out, this didn't really exist. So I had to run a cron job which is a job that runs on a daily cycle or whatever I established it to be and automatically install these things but with unintended upgrades, it does it for you.

[00:02:34] And that's, that's just a a really nice feature that we should all enable if it's not already enabled in your system. Always make sure your system has a way of staying up to date. Windows Update, I think Windows 10, they had a zero day release the other day, it was from a video drive or something like that.

[00:02:50] So again, always keep your software up to date if you can. But don't necessarily jump on the latest version of something. But stay on the latest patches and fixes. Yes.
>> Speaker 2: So to clarify, once you run this installer, that's going to essentially be an autopilot and it will automatically delete auto installer or auto upgrader

[00:03:13]
>> Jem Young: Yes.
>> Speaker 2: And what's the frequency of that schedule?
>> Jem Young: I don't know, I think it checks probably daily. It just checks the apt repo and says is there an update to this? If so, pull it in and install it.
>> Speaker 2: So theoretically you would still be vulnerable to zero days.

[00:03:29]
>> Jem Young: Yes. Which is why they're called a zero day. If they were called a one day, that would be enough to give you enough time to fix it. If it's a zero day and your system is running, then it's not patched yet because the manufacturer doesn't even know about it.

[00:03:44] Hence the zero part of it.