Prerequisites
Before enabling auto kernel updates, make sure you have:
- SSH access to your VPS
- Root or sudo privileges
⚠️ Kernel updates require a reboot. Consider enabling automatic reboots or schedule maintenance windows.
Method 1: Ubuntu/Debian – Using unattended-upgrades
Connect to your VPS:
ssh hxroot@YOUR_SERVER_IP -p 22Install if not already:
sudo apt install unattended-upgrades -yConfigure to include kernel updates:
sudo nano /etc/apt/apt.conf.d/50unattended-upgradesEnsure these lines are uncommented:
"${distro_id}:${distro_codename}-security";
"${distro_id}:${distro_codename}-updates";Enable automatic reboot if needed:
Unattended-Upgrade::Automatic-Reboot "true";
Unattended-Upgrade::Automatic-Reboot-Time "03:00";Method 2: CentOS/RHEL – Using kpatch (Live Patching)
Install kpatch (paid feature on some distros):
sudo yum install kpatchMethod 3: Ubuntu Livepatch (Free for up to 3 machines)
Install and enable:
sudo snap install canonical-livepatch
sudo canonical-livepatch enable YOUR_TOKENCheck status:
canonical-livepatch statusMethod 4: Update kernel but delay reboot
With unattended-upgrades, set:
Unattended-Upgrade::Automatic-Reboot "false";Then create a script to check and notify:
#!/bin/bash
if [ -f /var/run/reboot-required ]; then
echo "Kernel update pending on $(hostname)" | mail -s "Reboot Required" admin@example.com
fiCheck Reboot Status
ls /var/run/reboot-requiredManually Show Pending Kernel Updates
sudo apt list --upgradable | grep linux✅ Automatic kernel updates configured. Your system will stay protected from kernel vulnerabilities.