You should update your Debian system every night, unattended and automatic.
Bold words! But honestly I’ve done this since at least Debian 10 and have never had an issue. When was the last time you had a bad update that caused you to roll back? I’m guessing never.
So I recommend just doing updates nightly. Based on my experience, it’s more likely that someone’s going to find a bug in a Linux package and use it to start robohacking servers than a scenario where you get a bad apt update.
Here we’re using Debian 13 “Trixie”. I bet if you run this command, you’ll find you have the unattended-upgrades package installed:
# dpkg -l | grep -i unatten ii unattended-upgrades 2.12 all automatic installation of security upgrades
If not:
apt update apt -y install unattended-upgrades
If unattended-upgrades was installed and you haven’t touched the config, or you just installed it, it’s setup to apply security updates only. You can easily change it to perform all updates.
You want to edit the file
/etc/apt/apt.conf.d/50unattended-upgrades
By default, it looks like this (among other lines):
Unattended-Upgrade::Origins-Pattern {
// Codename based matching:
// This will follow the migration of a release through different
// archives (e.g. from testing to stable and later oldstable).
// Software will be the latest available for the named release,
// but the Debian release itself will not be automatically upgraded.
// "origin=Debian,codename=${distro_codename}-updates";
// "origin=Debian,codename=${distro_codename}-proposed-updates";
"origin=Debian,codename=${distro_codename},label=Debian";
"origin=Debian,codename=${distro_codename},label=Debian-Security";
"origin=Debian,codename=${distro_codename}-security,label=Debian-Security";If you uncomment (by removing the leading //) the two lines in bold, you’ll get all upgrades and not just security updates.
The upgrade cycle will fire daily due to these services:
/usr/lib/systemd/system/apt-daily.service /usr/lib/systemd/system/apt-daily-upgrade.service
Need more info?
man unattended-upgrade
Related Posts:
Should You Run FreeBSD in 2026? Maybe, Maybe Not
Revisiting One of the Greatest Posts in LowEndBox History
So How Exactly Do You Learn About Security Issues on Your VPS?
Before You Format: ext4, XFS, and btrfs Differences Explained (And Which One You Should Pick)
A Deep Dive Into Debian 13's /tmp: What's New, And What To Do If You Don't Like It
Tighten Up Your VPS With an SSH Audit! Let's Look at the ssh-audit Package...Does OpenBSD Score Hig...
raindog308 is a longtime community LETizen, technical writer, and self-described techno polymath. With deep roots in the *nix world, he has a passion for systems both modern and vintage, ranging from Unix, Perl, Python, and Golang to shell scripting and mainframe-era operating systems like MVS. He’s equally comfortable with relational database systems, having spent years working with Oracle, PostgreSQL, and MySQL.
As an avid user of LowEndBox providers, raindog308 runs an empire of LEBs, from tiny boxes for VPNs, to mid-sized instances for application hosting, and heavyweight servers for data storage and complex databases. He brings both technical rigor and real-world experience to every piece he writes.
Beyond the command line, raindog308 has a life-long love of German Shepherd Dogs, high-quality knives, target shooting, theology, tabletop RPGs, playing guitar, and hiking in deep, quiet forests.
His goal with every article is to help users, from beginners to seasoned sysadmins, get more value, performance, and enjoyment out of their infrastructure.
You can find him daily in the forums at LowEndTalk under the handle @raindog308.
Leave a Reply