 A critical function of security is making sure if there's any unpatched things that they stay patched, that they get patched. And putting people in charge of patching things, well, it's not always the best idea. I mean, I know someone saying what I'm vigilant and I make sure these things are patched, but people, you know, we have our own issues and sometimes we forget to do things on a time basis and maybe you're not at the computer or you're away for a couple of days and a security vulnerability comes out and you're like, oh no, I have to get to my servers. Hopefully that's not how you're setting things up. I choose to use unintended upgrades. This topic came up in the forums the other day and while we loathe the forced Windows updates that we've seen from Windows 10 because we know that, well, they're just not well vetted and seem to cause a lot of issues and a lot of drama, it's much the opposite in the Linux world. Nothing's perfect. I know someone's got a horror story of some update that broke a thing. I know that can happen. When it comes to security updates and security patches though, if you have public facing servers, especially web servers, they are open vectors for attack. So you wanna make sure if there's a flaw in one of those security libraries that support the web server or any of the public facing things you have, that you have updates and patches loaded as soon as possible. So I do that with unintended upgrades because I know that I might be doing something else, but hey, they have a little update that's coming through. I want that update to get installed and it's really easy to do this. It takes only a few seconds. So this is a short video to show you. After get install, unintended upgrades, app to list changes. So if you wanna be real lazy, just go there and paste this in. This is just a basic clean load of Debian. And I've already got these things installed. These are just part of the things that whenever I do the base of the server, I go ahead and put this in there because security matters. And that much more important when it's a public facing server, which a handful of mine aren't even the forums are. So I have this running all the time. So that's it to get it started. Now there is an entire config file. So let's go ahead and pull up the config file and I'll leave the link to the Debian right up on this. This is right from Debian on how to do all this. And you can see here's all the things and this is not great out. So this is the default setup for it. And okay, codename, label Debian, label security. We wanna make sure those get updated. Blacklist, if you want to exclude certain things from here, if you say do not up these for special case and special use case, you're using maybe you have things you wanna blacklist and not update. So that is how the config file looks. But the good news is you don't even have to worry about this. So if you're staying time to look like a whole lot, don't worry, it's even simpler than that. And this command is listed in there too. So just run this. So you go de-package, reconfigure, plow, minus plow, unattended upgrades. Now here comes the great menu driven one. Automatically download and install stable updates, enter the default that fills us in, origin, Debian, codename, distro, label security, yep, done. How do you test if these work? Really simple. On a tended upgrades dash D for debug, it's gonna go ahead and check for me. No packages found that can be upgraded because when it's running all the time, it's always keeping the system up to date. So this little tool can save you a big, big headache. I know, like I said, someone probably has a horror story of this occurring and an automatic upgrade going wrong. But to me, the security patches come first. I'll deal with any issues that may arrive from them, which have been extremely rare. More important to me is if there was a flaw, for example, in Apache and I've run some Apache servers that that Apache server gets patched before that flaw becomes a data breach because data breaches are much, much more difficult than deal with than, huh, Apache stopped working after security update. What do I have to change? Was there a deprecated parameter? And this has happened before on my mail server that I loosely, I still maintain it, but I've noticed when it decided to stop accepting mail because when they updated a package, it was a deprecated line in a config file. Good news is it did stop it, but it also protected it from a problem that was in postfix at the time. This was a number of years ago. I would rather fail closed than deal with data breaches. So this is just a small piece of advice to go ahead and load this on any of your servers that you have public facing. Don't trust yourself to mainly update. That's just a recipe for being in the news like some of these large companies because this problem scales upwards and frequently find out they were running three versions behind of something because the person that was supposed to be doing it wasn't doing it and they're afraid it would break something. So they just kind of let it ride. Please install unattended updates, help keep your network secure and don't become part of the news in the next day of reach. Thanks for watching. If you enjoyed this video, go ahead and hit the thumbs up. If you want to see more content from my channel, go ahead and hit subscribe and the bell icon and hopefully YouTube will send you a notice. If you're interested in contracting launch systems for any type of IT services work or consulting work, go ahead and head over to laurancesystems.com and fill out our contact and get in touch with us. If you would like to help the channel out in other ways, you can use our affiliate links below in the description or we have a link directly to our launch systems page where we have a list of different affiliate offers and it's very appreciated if you use any of those for signing up any of the services and many of them offer you discounts. If you want to head over to our forums, there'll be a link in the description for our forums, wherever they may be because we've been looking at different forum platforms but they'll always be relevantly linked right there. All right, once again, thanks. Leave some feedback and comments below on this video. If you loved it, if you hated it, I try to reply to everyone, the people who hate and the people who love them. So thank you very much and see you next time.