How to make my server email me when there are security updates?
There's obviously a way to check to see when an update is a security update. I often get greeted by a motd that says "there are N security updates."
What I'd like to do is have my server email me a list of what packages need updating for security reasons.
To take it a step further, the email would link to the applicable security notification from Ubuntu.
Basically, each server is somewhat unique. I've received several emails on the security mailing list for packages I do not have installed on any/all servers. So I'd like each individual server to tell me what it needs. That way I can apply updates in a timely manner, while avoiding restarting services like Apache that would cause users to have some downtime.
How could I do this?
You can use a tool called apticron to notify you when new updates are available. It sends you e-mail about pending upgrades, also giving you the choice to only be e-mailed about updates you have not previously been notified about.
To set up apticron, edit /etc/apticron/apticron.conf and change the line containing the e-mail address:
EMAIL="[email protected]"
Enter the e-mail address you wish to receive notifications to.
For more information see man apticron.
From a previous post: you can run security upgrades via the command line with:
sudo unattended-upgrade
I checked it out, and you can also use the command line option
sudo unattended-upgrade --dry-run
to download but not install updates.
When running the program I am not getting any output; I think this is because I have my system set to auto-update. If you can get output from this, just figure out what the updated vs. pending updates look like and write a shell script to send you an email containing the output of the pending updates.
Then run this script as a cron job.
Note: use crontab -e to run jobs as root.
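The answer above stops at "write a shell script and run it from cron". The following is an added example of such a script, not code from either answer. It parses the output of "apt-get --just-print upgrade" (the simulation mode that lists pending upgrades without installing them), keeps only the packages whose new version comes from an Ubuntu "-security" pocket, and mails the list. It assumes a working local MTA that provides the "mail" command, that it is run from root's crontab so apt-get can refresh the package lists, and that ADMIN_EMAIL names the recipient. The apt-get output lines in SAMPLE_APT_OUTPUT are constructed to show the format; the link to the Ubuntu security notices index is the general notices page, since a package name alone does not identify a specific USN.

```shell
#!/bin/sh
# Added example: mail a per-server list of pending *security* updates.
# Suggested root crontab entry (crontab -e as root), assumed for illustration:
#   0 7 * * * ADMIN_EMAIL=you@example.com /usr/local/sbin/security-update-report.sh

ADMIN_EMAIL="${ADMIN_EMAIL:-root}"
HOST="$(uname -n)"

# Constructed sample of "apt-get --just-print upgrade" output, used for testing.
# Real lines have the shape: Inst <pkg> [<old-version>] (<new-version> <origin> [<arch>])
SAMPLE_APT_OUTPUT='Inst openssl [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security [amd64])
Inst vim [2:8.2.3995-1ubuntu2.11] (2:8.2.3995-1ubuntu2.12 Ubuntu:22.04/jammy-updates [amd64])
Conf openssl (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security [amd64])
Inst libssl3 [3.0.2-0ubuntu1.10] (3.0.2-0ubuntu1.12 Ubuntu:22.04/jammy-security [amd64])'

# Read apt-get simulation output on stdin and print "package new-version" for
# every pending install whose origin is a -security pocket. "Conf" lines and
# packages coming from -updates or other pockets are ignored.
security_updates() {
    awk '$1 == "Inst" && /-security/ {
        pkg = $2
        ver = ""
        # The new version is the token that opens the parenthesised group;
        # it is field 3 for new packages and field 4 when an old version is shown.
        for (i = 3; i <= NF; i++) {
            if (substr($i, 1, 1) == "(") { ver = substr($i, 2); break }
        }
        print pkg, ver
    }'
}

# Turn the list from security_updates into a mail body.
# Returns 1 (and prints a one-line notice) when nothing is pending, so the
# caller can skip sending an empty report.
report_body() {
    updates="$1"
    if [ -z "$updates" ]; then
        echo "No pending security updates on $HOST."
        return 1
    fi
    printf 'Pending security updates on %s:\n\n%s\n\nUbuntu Security Notices: https://ubuntu.com/security/notices\n' \
        "$HOST" "$updates"
}

main() {
    # Refresh package lists; failure here just means a possibly stale report.
    apt-get update -qq >/dev/null 2>&1 || true
    list="$(apt-get --just-print upgrade 2>/dev/null | security_updates)"
    body="$(report_body "$list")" || exit 0
    printf '%s\n' "$body" | mail -s "Security updates pending on $HOST" "$ADMIN_EMAIL"
}

# Run the real report only when executed under the script's own name, so the
# functions above can also be sourced (e.g. for testing) without touching apt.
case "${0##*/}" in
    security-update-report.sh) main ;;
esac
```

Running the script with no pending security updates sends no mail at all, which keeps the daily report meaningful: an email only arrives when that particular server has something from a -security pocket waiting, which is exactly the per-server view the question asks for.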