Introduction

Failing to keep your Ubuntu operating system packages up to date puts overall system security at risk.

Managing the process manually wastes valuable resources and can even lead to overlooking essential security updates. There is a better solution. In this tutorial, we explain how to enable automatic security updates in Ubuntu 18.04.


Prerequisites

  • A command line/terminal window (Ctrl-Alt-T)
  • A user account with sudo or root privileges
  • The apt package manager, included by default

Step 1: Install unattended-upgrades Package

1. Install the unattended-upgrades package by running the following command:

sudo apt install unattended-upgrades

2. Verify the installation:

systemctl status unattended-upgrades

The output confirms a successful installation when it shows the service with an active status.

Step 2: Configure unattended-upgrades file

Now that the installation is complete, configure the individual elements and define the parameters for the automatic updates.

This example uses the nano text editor. However, any other text editor will work.

Accessing the configuration file

The unattended-upgrades configuration file is found in the /etc/apt/apt.conf.d directory.

Access the configuration file with the following command:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades


The unattended-upgrades package ignores lines that start with //, because it treats them as comments.

If you want a repository to update automatically, you need to remove // from that line.

For our purposes, we only need to remove // from the “security” line.

Blacklist Packages

The Unattended-Upgrade::Package-Blacklist section of the config file allows you to block upgrades for specific packages.

1. To block upgrades for specific packages, add the desired package name to the list. Remember to remove // to uncomment the line. In this example, the blocked packages are vim and nginx.

2. Save the changes you made and exit the file.

Email Notifications

Automatic updates can run into issues. If an error does occur, the system can be set up to notify you via email. To enable this option, remove // and edit the following lines:

Unattended-Upgrade::Mail "example@email.com";

Unattended-Upgrade::MailOnlyOnError "true";

Step 3: Enable Automatic Upgrades

The final step to enable Ubuntu automatic updates is to edit the auto-upgrades file with the command:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades


This file allows you to define how often the auto updates take place.

  • Update-Package-Lists: 1 enables auto update, 0 disables.
  • Unattended-Upgrade: 1 enables auto upgrade, 0 disables.
  • AutocleanInterval: Cleans the download archive every X days. This configuration uses 7 days.

For example, APT::Periodic::AutocleanInterval "7"; means that the system will clear the download archive every seven (7) days.

Step 4: Testing Automatic Upgrades

To verify that the automatic upgrades are set up correctly, perform a dry run. The dry run command ensures that the update is only a simulation and that no actual changes will take place. Use the command:

sudo unattended-upgrades --dry-run --debug

Another option to check if the settings are applied correctly is to access the unattended-upgrades log. The log provides a detailed overview of previous upgrades:

/var/log/unattended-upgrades/unattended-upgrades.log
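
The settings from Steps 2 and 3 can also be checked with a script. The following is an added example, not part of the original tutorial; the function names (apt_conf_value, audit_auto_updates, write_sample) and the sample files are constructed for illustration. It flags a periodic setting that is unset or 0, a security origin that is still commented out, and typographic quotes pasted into active lines.

```shell
#!/bin/sh
# Added example (not from the tutorial): audit the two files edited above.

# Print the value of an active (uncommented) KEY "value"; line, if any.
apt_conf_value() {  # $1 = file, $2 = key
    sed -n "s|^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1" | tail -n 1
}

# Print one FAIL line per problem; return 0 only when nothing is flagged.
audit_auto_updates() {  # $1 = directory holding the apt.conf.d files
    auto="$1/20auto-upgrades"; uu="$1/50unattended-upgrades"; rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        val=$(apt_conf_value "$auto" "APT::Periodic::$key")
        case $val in
            ''|0) echo "FAIL: APT::Periodic::$key is '${val:-unset}'"; rc=1 ;;
        esac
    done
    # The security origin must sit on a line that does not start with //
    if ! grep -v '^[[:space:]]*//' "$uu" | grep -q -e '-security"'; then
        echo "FAIL: security origin commented out or missing"; rc=1
    fi
    # Typographic quotes pasted from a web page are not apt.conf quoting
    if cat "$auto" "$uu" | grep -v '^[[:space:]]*//' | grep -q -e '“' -e '”'; then
        echo "FAIL: curly quotes found, use straight double quotes"; rc=1
    fi
    return $rc
}

# Constructed sample: both files as this tutorial leaves them.
write_sample() {  # $1 = target directory
    cat > "$1/20auto-upgrades" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
EOF
    cat > "$1/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
//      "${distro_id}:${distro_codename}-updates";
};
Unattended-Upgrade::Mail "example@email.com";
Unattended-Upgrade::MailOnlyOnError "true";
EOF
}

demo=$(mktemp -d) && write_sample "$demo"
audit_auto_updates "$demo" && echo "OK: security updates are automatic"
rm -rf "$demo"
```

On a real host, run audit_auto_updates /etc/apt/apt.conf.d instead of the sample directory.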

Conclusion

By following this guide, you have successfully installed, configured and enabled automatic security updates on Ubuntu.

Your system now installs the latest security updates on its own, with the whole process fully automated.