Keeping your system up-to-date with the latest packages and security updates can be a tedious task. Most users forget to do it, leaving them vulnerable to countless threats. Automate security (and other package) updates with the utility Unattended Upgrades on Debian or Ubuntu.
You can set up automated security updates on Linux by installing a utility called unattended-upgrades.
Install it by running the following command:
sudo apt install unattended-upgrades
After the installation completes, you can enable and start the unattended-upgrades service by running the following commands:
sudo systemctl enable unattended-upgrades
And this one:
sudo systemctl start unattended-upgrades
The unattended-upgrades configuration file is found in the /etc/apt/apt.conf.d directory.
Access the configuration file with the following command:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
The unattended-upgrades package treats any line that starts with // as a comment and ignores it.
If you want packages from a repository to be updated automatically, remove the // from that repository's line.
For our purposes, we only need to remove // from the “security” line.
The Unattended-Upgrade::Package-Blacklist section of the config file allows you to block upgrades for specific packages.
You can also put a package on hold, which keeps it from being upgraded, by running the following command:
sudo apt-mark hold package-name
The final step to enable automatic updates is to edit the auto-upgrades file. Open it with the command:
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
Make sure the file contains the following lines:
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::AutocleanInterval "7";
To verify that the automatic upgrades are set up correctly, perform a dry run. A dry run only simulates the update, so no actual changes take place. Use the command:
sudo unattended-upgrades --dry-run --debug
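The dry run does not tell you whether the periodic job is switched on or whether the "security" line is still commented out. The script below is an added example, not part of this guide's original commands or of the unattended-upgrades package; it checks the two files edited above, and its function names and the file name check.sh are hypothetical.

```shell
#!/bin/sh
# Added example, not part of unattended-upgrades. Function names are hypothetical.

# Print the value of an APT::Periodic key, skipping lines commented out with //.
periodic_value() {   # $1 = file, $2 = key, e.g. Unattended-Upgrade
    awk -v key="APT::Periodic::$2" '
        /^[ \t]*\/\// { next }
        $1 == key     { val = $2; gsub(/[";]/, "", val) }
        END           { print val }' "$1"
}

# A periodic job is on when its interval (in days) is present and not "0".
periodic_enabled() { # $1 = file, $2 = key
    v=$(periodic_value "$1" "$2")
    [ -n "$v" ] && [ "$v" != "0" ]
}

# True when an origin line mentioning "security" has had its // removed.
security_origin_enabled() { # $1 = 50unattended-upgrades
    grep -Eq '^[[:space:]]*"[^"]*security[^"]*";' "$1"
}

# Report each check; return non-zero if any of them fails.
audit() {            # $1 = 20auto-upgrades, $2 = 50unattended-upgrades
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        if periodic_enabled "$1" "$key"; then
            echo "ok:   APT::Periodic::$key is enabled"
        else
            echo "FAIL: APT::Periodic::$key is missing, commented out or 0"; rc=1
        fi
    done
    if security_origin_enabled "$2"; then
        echo "ok:   a security origin is uncommented"
    else
        echo "FAIL: no uncommented security origin in $2"; rc=1
    fi
    return "$rc"
}

# Run against the files named on the command line, e.g.
#   sh check.sh /etc/apt/apt.conf.d/20auto-upgrades /etc/apt/apt.conf.d/50unattended-upgrades
if [ "$#" -eq 2 ]; then audit "$1" "$2"; fi
```

The non-zero exit status on failure makes the script usable from a configuration-management run or a monitoring check.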