Configure automatic security updates on Ubuntu/Debian in 2026.
See our hardening guide.
unattended-upgrades
apt install -y unattended-upgrades apt-listchanges
# Enable
dpkg-reconfigure -plow unattended-upgrades

Configuration
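# /etc/apt/apt.conf.d/50unattended-upgrades
Unattended-Upgrade::Origins-Pattern {
    // Debian security archive: codename is "<release>-security" since Debian 11, "<release>" before
    "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
    "origin=Debian,codename=${distro_codename},label=Debian-Security";
    // Ubuntu: the security pocket is the archive (suite) "<release>-security"; the codename stays "<release>"
    "origin=Ubuntu,archive=${distro_codename}-security";
};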
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";
Unattended-Upgrade::Mail "admin@exemple.sn";
Unattended-Upgrade::MailReport "on-change";
Unattended-Upgrade::Remove-Unused-Kernel-Packages "true";
Unattended-Upgrade::Remove-Unused-Dependencies "true";

# /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";

Check that it is running
systemctl status unattended-upgrades
unattended-upgrade --dry-run --debug
journalctl -u unattended-upgrades --since "7 days ago"

Reboot after update
When an update requires a reboot (for example a kernel update), Automatic-Reboot "true" restarts the machine at 04:00. On hosts carrying critical 24/7 traffic, schedule the reboot manually.
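
The verification and reboot checks above, as an added example that is not part of the original page: it audits the text printed by `apt-config dump` for the periodic and origin settings and tests for the reboot flag file. The function names and the sample dump are constructed for illustration; `/var/run/reboot-required` is the flag file Debian and Ubuntu create when a reboot is pending.

```shell
#!/bin/sh
# Added example: audit `apt-config dump` output for the settings configured above.
# Function names are hypothetical; the sample dump below is constructed.

# Print the value of scalar KEY ($1) from dump text on stdin.
conf_value() {
  sed -n "s/^$1 \"\(.*\)\";\$/\1/p" | tail -n 1
}

# Read dump text on stdin, print one line per check, return 1 on any FAIL.
audit_auto_upgrades() {
  dump=$(cat)
  rc=0
  for key in APT::Periodic::Update-Package-Lists APT::Periodic::Unattended-Upgrade; do
    val=$(printf '%s\n' "$dump" | conf_value "$key")
    case "$val" in
      ''|0) echo "FAIL $key is '${val:-unset}': periodic job disabled"; rc=1 ;;
      *)    echo "ok   $key = $val" ;;
    esac
  done
  # List items are dumped as `Key:: "value";`. Require one security origin.
  if printf '%s\n' "$dump" |
     grep -Eq '^Unattended-Upgrade::(Origins-Pattern|Allowed-Origins):: ".*[Ss]ecurity'; then
    echo "ok   a security origin is allowed"
  else
    echo "FAIL no security origin allowed"; rc=1
  fi
  reboot=$(printf '%s\n' "$dump" | conf_value Unattended-Upgrade::Automatic-Reboot)
  when=$(printf '%s\n' "$dump" | conf_value Unattended-Upgrade::Automatic-Reboot-Time)
  echo "info Automatic-Reboot=${reboot:-unset} Automatic-Reboot-Time=${when:-unset}"
  return "$rc"
}

# True when the reboot flag file exists (path can be overridden for testing).
reboot_pending() {
  [ -f "${1:-/var/run/reboot-required}" ]
}

# Constructed sample of dump output, used when apt-config is not installed.
SAMPLE_DUMP='APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
Unattended-Upgrade::Origins-Pattern:: "origin=Debian,codename=${distro_codename}-security,label=Debian-Security";
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "04:00";'

if command -v apt-config >/dev/null 2>&1; then
  apt-config dump | audit_auto_upgrades || echo "fix the FAIL lines above"
else
  printf '%s\n' "$SAMPLE_DUMP" | audit_auto_upgrades
fi
reboot_pending && echo "reboot pending" || echo "no reboot pending"
```

A FAIL line on a real host means the corresponding file under /etc/apt/apt.conf.d/ is missing or overridden by a later file in that directory.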