Samir Parikh / Blog

Originally published on 01 January 2019

Once you get your FreeBSD system up and running, it's a good idea to regularly update it with the latest security patches and bug fixes. Much like Ubuntu's unattended-upgrades package, FreeBSD's freebsd-update(8) utility offers similar functionality. This post and instructions are taken directly from Justin Ellingwood's excellent Digital Ocean tutorial:

It is possible to configure your system to automatically check for these security patches daily by setting up a cron job. The freebsd-update(8) utility has a special cron subcommand that is available specifically for this purpose.

This will pause for a random amount of time (up to an hour) in order to spread out the load on the download servers. It will then check for updates and download them (basically the fetch operation in the background). If updates are downloaded, a specified user account will be notified. Updates are not automatically installed so that the administrator can decide on an appropriate time to apply them.

To set up this automatic checking, edit the /etc/crontab file with sudo privileges:

$ sudo vi /etc/crontab

At the bottom of the file, add a line that looks like this:

@daily root freebsd-update -t username cron

The above command will run the update command automatically as the root user. If updates are found, the user account specified after the -t component (in this case, username) will be notified.

Save and close the file when you are finished.

The next time you log into the username account, you can check your mail by typing:

$ mail

If updates were downloaded, you will see something like this:

Mail version 8.1 6/6/93.  Type ? for help.
"/var/mail/freebsd": 1 message 1 new
>N  1 freebsd@freebsdserver       Thu Dec 18 21:45 209/3997  "freebsdserver security updates"

You can view the list of updates by typing the message number associated with the notification:

& 1

When you are satisfied with the software that will be changed, you can quickly install the updates by typing:

$ sudo freebsd-update install

Remember to restart the machine if any kernel patches were applied and to restart any services that were affected by the update via reboot(8).