One of the important task of every system administrator is to update packages and apply security patches regularly. Today, We will be discussing how to install updates and security patches automatically in Ubuntu. To make this task easier, there is a package named unattended-upgrades for Debian-based systems. unattended-upgrades allows us to automatically install updated packages and security patches whenever they are available. We can either configure the system to update all packages or just install the security updates. This can be very useful when managing headless Ubuntu servers. Of course, you can configure this in your desktop too.
Install Updates and Security Patches Automatically in Ubuntu
To install software updates and security patches automatically, first we need to install unattended-upgrades package. To do so, run:
$ sudo apt install unattended-upgrades
Now, we have to configure the automatic updates.
Let us edit /etc/apt/apt.conf.d/50unattended-upgrades file:
$ sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
and make the changes that fits to your needs.
// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
"${distro_id}:${distro_codename}";
"${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};As you see in the above configuration, I have configured packages from security APT source to upgrade automatically. You can uncomment the other lines if you want to configure automatic updates from other APT sources such as updates, proposed, and backports, just uncomment the respective lines. Save and exit the file.
You can also blacklist some packages from being automatically updated by adding them in the blacklist like below. Anything that comes under this list will not be updated automatically.
// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};As per the above configuration, the packages called vim, libc6, libc6-dev, libc6-i686 will not be automatically updated. We have configured automatic updates.
Next, we need enable automatic updates. To do so, edit /etc/apt/apt.conf.d/10periodic file:
$ sudo nano /etc/apt/apt.conf.d/10periodic
Make the changes accordingly.
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7";
As per the above configuration, the software sources will be updated and the list of available updates will automatically be downloaded and installed everyday. And then, the local cache folder will be cleared every week.
Related Read:
- How To Apply Updates Automatically With dnf-automatic In RHEL, AlmaLinux And Rocky Linux
- How To Disable Unattended Upgrades On Ubuntu
- Enable Automatic Security Updates In Debian 12
- How To Upgrade Everything With A Single Command In Linux
- 3 Different Methods To Upgrade Ubuntu To Latest Version
- Different Ways To Update Linux Kernel For Ubuntu
