Alpine Linux does run a hardened kernel, I always add a firewall to my servers, lock down SSH access to my IP address, and follow various other server security best practices so I shouldn't have any security problems but I do like to keep things updated.
I've found a very straight forward way of keeping my Alpine Linux servers up-to-date. For every new Alpine Linux server I make I always create a simple shell script in my
/etc/periodic/daily/ folder named
apk-autoupgrade with the permissions
You can create this yourself or run the following to create it in a single command:
Your Alpine Linux server now auto-updates itself, assuming you have cron jobs running. You can also enable those easily with:
What my script does is run the command
apk upgrade --update once a day. Luckily
apk by default never asks for user input so it should always just work. The rest of the script is to help you out by providing some logging. You can check the
/var/log/apk-autoupgrade.log file every now and then to make sure everything is running smoothly. As an example of the output here's one of my servers:
The one thing this script doesn't do is restart services once they are updated so that's something you'll need to determine yourself. In the future I may expand upon the script by checking for kernel updates or updates to running services and reboot the system or the service based off of the log output. As of right now I automatically reboot my servers every Sunday night since reboots happen almost instantly. If I hear of something critical then I'll just run a quick manual reboot.
That's it, a minimal solution to keep your Alpine Linux systems updated.