How to only install security updates [duplicate]

Is it possible to only install the security updates. If this is possible it needs to be done on several servers and ubuntu virtual machines (Manually in command line) .

I already tried a few solutions but nothing worked out for me. The goal is that by running a script of some sort to sort the security updates together and then update only the security updates.

It isn't possible to install them automatic because the servers and the virtual machines have great impact on the company.

Btw I am a noob on linux / ubuntu . Tried (sudo apt-get upgrade but this only upgrade the existing software , Tried this with no result apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install , Also tried this sudo sh -c 'grep ^deb /etc/apt/sources.list |grep securi >> /etc/apt/sources.security.repos.only.list' with no result. The only option i see left i manualy download the updates and then sort them out.
I already saw that article . sudo sh -c 'apt-get -o Dir::Etc::sourcelist="secsrc.list" \ -o Dir::Etc::sourceparts="-" update && \ apt-get --assume-no upgrade' . Maybe there is a possibility to workt together with this the command abbove ? So that i only need to download the security updates , and becouse it is a company servers i cant just shutdown rest of the reposotory .


Solution 1:

Is it possible to only install the security updates?

Answer is : yes.

You can use unattended-upgrades which can handle automatic installation of security upgrades in Ubuntu system. Running sudo unattended-upgrade will install all the security package available for upgrade.

Install this package if it isn't already installed using

sudo apt-get install unattended-upgrades

To enable it type

sudo dpkg-reconfigure  unattended-upgrades

and select "yes".

You can also use it with the cron to schedule(weekly, monthly) an automatic security update.

See the Official Ubuntu Documentation for a comprehensive explanation

Just as a side note: If you have several machine, I would suggest you to create a local repository so that you will not need to download same package again and again in several machine. See here.