Though I am taking some risk by automatically updating my servers. I prefer that they always update so that security patches are applied very quickly. Here is how I configured my Debian servers (jessie) to update on a daily bases.
I created a shell script in /root/update.sh
apt-get update -y > /root/update.log apt-get upgrade -y > /root/update.log
very simple update and upgrade outputting to a log file.
Chmod 755 /root/update.sh
set the sh as executable.
Then used crontab to set up the sh to run daily.
crontab -e # m h dom mon dow command 00 08 * * * /root/update.sh
Waited for the cron job to run and checked update.log
Hit http://mirrors.digitalocean.com jessie InRelease Hit http://mirrors.digitalocean.com jessie/main amd64 Packages Hit http://mirrors.digitalocean.com jessie/main Translation-en Hit http://security.debian.org jessie/updates InRelease Hit http://security.debian.org jessie/updates/main amd64 Packages Hit http://security.debian.org jessie/updates/main Translation-en Reading package lists… Reading package lists… Building dependency tree… Reading state information… 0 upgraded, 0 newly installed, 0 to remove and 0 not upgraded.
sweet looks good.
Clearly there is some limitations to this. I have to check the log to see any failures and I will get all updates not just security updates.
Logwatch will monitor the basic updates but I could certainly shot myself in the foot with an update