Raspberry Pi einrichten, damit Sicherheitsupdates automatisch eingespielt werden. Dies ist vor allem für die Geräte von Bedeutung, welche direkt aus dem Internet erreichbar sind und ein einfaches Ziel für Hacker ist.
Schritt-für-Schritt-Anleitung
Als erstes wird der Raspberry Pi auf den aktuellen Stand gebracht:
Damit die Updates automatisch installiert werden, gibt es das Paket unattended- upgrades:
sudo apt-get install unattended-upgrades
Als nächstes werden zwei Konfigurationsdateien angelegt. Dies geht am einfachsten mit folgenden Befehl:
sudo dpkg-reconfigure unattended-upgrades
Im Einrichtungsassistent bestätigen Sie als erstes mit OK:Und im folgenden Punkt korrigieren Sie bitte die Zeile passend zum Raspbian Pi:
“origin=Raspbian,codename=${distro_codename},label=Raspbian";"origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation";
Am Ende wurden zwei Konfigurationsdateien erstellt.
Erste Konfigurationsdatei: /etc/apt/apt.conf.d/20auto-upgrades
APT::Periodic::Update-Package-Lists „1“; Aktualisierung der Paketlisten APT::Periodic::Unattended-Upgrade „1“; Führe unbeaufsichtigte Upgrades durch
Zweite Konfigurationsdatei: /etc/apt/apt.conf.d/50unattended-upgrades
//Unattended-Upgrade::Origins-Pattern controls whichpackages are //upgraded. // //Lines below have the formatformatis "keyword=value,...". A //package will be upgraded only ifthe values inits metadata match //all the supplied keywords ina line. (In other words, omitted //keywords are wild cards.) The keywords originate from the Release //file, but several aliases are accepted. The accepted keywords are: //a,archive,suite (eg, "stable") //c,component (eg, "main", "contrib", "non-free") //l,label (eg, "Debian", "Debian-Security") //o,origin (eg, "Debian", "Unofficial Multimedia Packages") //n,codename (eg, "jessie", "jessie-updates") //site (eg, "http.debian.net") //The available values on the system are printed by the command //"apt-cache policy", and can be debugged by running //"unattended-upgrades -d"and looking at the log file. // //Within lines unattended-upgrades allows 2 macros whose values are //derived from /etc/debian_version: //${distro_id} Installed origin. //${distro_codename} Installed codename (eg, "jessie") Unattended-Upgrade::Origins-Pattern { //Codename based matching: //This will follow the migration of a release through different //archives (e.g. from testing to stable and later oldstable). //"o=Debian,n=jessie"; //"o=Debian,n=jessie-updates"; //"o=Debian,n=jessie-proposed-updates"; //"o=Debian,n=jessie,l=Debian-Security";
//Archive or Suite based matching: //Note that this will silently match a different release after //migration to the specified archive (e.g. testing becomes the //new stable). //"o=Debian,a=stable"; //"o=Debian,a=stable-updates"; //"o=Debian,a=proposed-updates"; "origin=Raspbian,codename=${distro_codename},label=Raspbian";
//Additionally, forthose running Raspbian on a Raspberry Pi, //match packages from the Raspberry Pi Foundation as well. "origin=Raspberry Pi Foundation,codename=${distro_codename},label=Raspberry Pi Foundation"; };
//List of packages to not update (regexp are supported) Unattended-Upgrade::Package-Blacklist { //"vim"; //"libc6"; //"libc6-dev"; //"libc6-i686"; };
//This option allows you to control ifon a unclean dpkg exit //unattended-upgrades will automatically run //dpkg --force-confold --configure -a //The default is true, to ensure updates keep getting installed //Unattended-Upgrade::AutoFixInterruptedDpkg "false";
//Split the upgrade into the smallest possible chunks so that //they can be interrupted with SIGUSR1. This makes the upgrade //a bit slower but it has the benefit that shutdownwhilea upgrade //is running is possible (with a small delay) //Unattended-Upgrade::MinimalSteps "true";
//Install all unattended-upgrades when the machine is shuting down //instead of doing it inthe background whilethe machine is running //This will (obviously) makeshutdownslower //Unattended-Upgrade::InstallOnShutdown "true";
//Send email to this address forproblems or packages upgrades //If empty or unsetthenno email is sent, makesure that you //have a working mail setup on your system. A package that provides //'mailx'must be installed. E.g. "user@example.com" //Unattended-Upgrade::Mail "root";
//Set this value to "true"to get emails only on errors. Default //is to always send a mail ifUnattended-Upgrade::Mail is set //Unattended-Upgrade::MailOnlyOnError "true";
//Do automatic removal of new unused dependencies after the upgrade //(equivalent to apt-get autoremove) //Unattended-Upgrade::Remove-Unused-Dependencies "false";
//Automatically reboot *WITHOUT CONFIRMATION* if //the file/var/run/reboot-requiredis found after the upgrade //Unattended-Upgrade::Automatic-Reboot "false";
//Automatically reboot even ifthere are userscurrently logged in. //Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
//If automatic reboot is enabled and needed, reboot at the specific //timeinstead of immediately //Default: "now" //Unattended-Upgrade::Automatic-Reboot-Time "02:00";
//Use apt bandwidth limit feature, this example limits the download //speed to 70kb/sec //Acquire::http::Dl-Limit "70";
//Enable logging to syslog. Default is False //Unattended-Upgrade::SyslogEnable "false";
//Specify syslog facility. Default is daemon //Unattended-Upgrade::SyslogFacility "daemon";
Die Kommentare sind selbstsprechend und somit kann die Konfigurationsdatei entsprechend verfeinert werden.
Zum debuggen kann folgender Befehl verwendet werden:
0 Kommentare zu “Raspberry Pi automatisch aktualisieren”