I have an AWS Ubuntu (Apache-Nodejs) instance, and am trying to determine the best way to handle security patches.
Reading some of the forum topics, the following appears to be the case:
1) Periodically, Bitnami releases new image versions (major version changes or cumulative significant security issues/upgrades; example: Forum post).
- The preference is to migrate to these new images rather than doing our own major upgrades (that's partially why we're in the Cloud).
2) At need, Bitnami warns about and releases high-impact patches (e.g. Heartbleed virus: Forum post).
- Install them quickly.
3?) I've also found the Ubuntu "automatic-updates" package/feature, which can be installed and scheduled via CRON. Link to Ubuntu doc
Interestingly, the "automatic-updates" package is already installed, and appears to be configured to do security updates, but not other updates. CRON doesn't appear to be set up to run it though, nor does the log file (at /var/log/apt/) appear to indicate that it has updated anything.
The question: Any recommendation for or against (or experience with) using the Ubuntu "automatic-updates" package? I would probably schedule it 1-2 times per month.
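
An added example, not part of the original post: on Ubuntu the package that applies security updates automatically is `unattended-upgrades`, and it is switched on by `APT::Periodic` settings under `/etc/apt/apt.conf.d/` and run by APT's own daily job rather than by an entry in a user crontab. The script below reads those settings and the APT history log to report whether it is enabled and when it last ran; the function names are hypothetical, and the sample file contents are constructed and assume the usual `20auto-upgrades` and `history.log` layouts.

```shell
#!/bin/sh
# Added example (not from the original post). Checks whether APT's periodic
# unattended upgrades are switched on and when one last ran.

# Print the last value assigned to APT::Periodic::<key> in the given files.
periodic_value() {
    key=$1; shift
    sed -n "s/^[[:space:]]*APT::Periodic::$key[[:space:]]*\"\([^\"]*\)\".*/\1/p" \
        "$@" 2>/dev/null | tail -n 1
}

# Print the Start-Date of the newest history.log entry run by unattended-upgrade.
last_unattended_run() {
    awk '/^Start-Date:/ { d = $2 " " $3 }
         /^Commandline:.*unattended-upgrade/ { last = d }
         END { if (last != "") print last }' "$1" 2>/dev/null
}

# Summarise: "enabled" or "disabled", then the last run or "never".
audit() {   # usage: audit HISTORY_LOG CONF_FILE...
    log=$1; shift
    lists=$(periodic_value Update-Package-Lists "$@")
    upgrade=$(periodic_value Unattended-Upgrade "$@")
    state=enabled
    case "$lists" in ''|0) state=disabled ;; esac
    case "$upgrade" in ''|0) state=disabled ;; esac
    run=$(last_unattended_run "$log") || run=
    echo "$state last-run=${run:-never}"
}

# Constructed sample files (assumed layout of 20auto-upgrades and history.log).
write_sample() {   # usage: write_sample DIR
    cat > "$1/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "0";
EOF
    cat > "$1/history.log" <<'EOF'
Start-Date: 2014-04-08  06:25:12
Commandline: apt-get install nodejs
End-Date: 2014-04-08  06:25:40
EOF
}

# On a real host: audit /var/log/apt/history.log /etc/apt/apt.conf.d/*
demo_dir=$(mktemp -d)
write_sample "$demo_dir"
audit "$demo_dir/history.log" "$demo_dir/20auto-upgrades"
rm -rf "$demo_dir"
```

A value of `"0"` or a missing key for either setting means the daily job skips that step, so "disabled" with "never" points at configuration rather than at scheduling.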