Introduction
Failing to keep your Ubuntu operating system packages up-to-date risks overall security.
Managing the process manually, wastes valuable resources and can even lead to overlooking essential security updates. There is a better solution. In this tutorial, we will explain how to Enable automatic security updates in Ubuntu 18.04.
Prerequisites
- A command-line/terminal window (Ctrl-Alt-T)
- A user account with sudo or root privileges
- The apt package manager, included by default
Step 1: Install unattended-upgrades Package
1. Install the unattended-upgrade package by running the following command:
sudo apt install unattended-upgrades
2. Verify the installation:
systemctl status unattended-upgrades
The output that confirms a successful installation and active status appears as below:
Step 2: Configure unattended-upgrades File
Now that you have completed the installation, we need to configure individual elements and define the parameters for the auto updates.
This example uses the nano text editor. However, any other text editor will work.
Accessing the Configuration File
The unattended-upgrades configuration file is found in the /etc/apt/apt.conf.d directory.
Access the configuration file with the following command:
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
The unattended-upgrades package ignores lines that start with // as that line is considered to be a comment.
If you want a repository to update automatically, you need to remove // from that line.
For our purposes, we only need to remove // from the “security” line.
Blacklist Packages
The Unattended-Upgrade::Package-Blacklist section of the config file allows you to block upgrades for specific packages.
1. To block upgrades for specific packages, add the desired package name to the list. Remember to remove // to uncomment the line. In this example, vim and nginx.
2. Save the changes you made and exit the file.
Email Notifications
Automatic updates can run into issues. If an error does occur, the system can be set up to notify you via email. To enable this option remove // and edit the following lines:
Unattended-Upgrade::Mail example@email.com;
Unattended-Upgrade::MailOnlyOnError “true”;
Step 3: Enable Automatic Upgrades
The final step to enable Ubuntu automatic updates is to edit the auto-upgrades file with the command:
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
This file allows you to define how often the auto updates take place.
- Update-Package-Lists: 1 enables auto-update, 0 disables.
- Unattended-Upgrade: 1 enables auto-upgrade, 0 disables.
- AutocleanInterval: Enables auto clean packages for X days. This configuration displays 7 days
For example, APT::Periodic::AutocleanInterval “7”; means that the system will clear the download archive every seven (7) days.
Step 4: Testing Automatic Upgrades
To verify that the automatic upgrades are set up correctly perform a dry run. The dry run command ensures that the update is only a simulation and that no actual changes will take place. Use the command:
sudo unattended-upgrades --dry-run -–debug
Another option to check if the settings are applied correctly is to access the unattended-upgrades log. The log provides a detailed overview of previous upgrades:
/var/log/unattended-upgrades/unattended-upgrades.log
Conclusion
By following this guide, you have successfully installed, configured and enabled automatic security updates on Ubuntu.
Your system is now protected by the latest security packages at all times, making the whole process fully automated.
Next you should also read
How to Enable SSH on Ubuntu 18.04
April 23, 2019
When establishing a remote connection between a client and a server, a primary concern is ensuring a secure…
21 Server Security Tips to Secure Your Server
April 20, 2019
Hackers are always on the lookout for server vulnerabilities. Minimize risks and be confident your data is…
How to Set up & Configure ModSecurity on Apache
March 11, 2019
ModSecurity is an Open-source firewall application for Apache. Learn how to Setup & Configure ModSecurity on…
Defend Against DoS & DDoS on Apache With mod_evasive
March 5, 2019
The mod_evasive tool is an Apache web services module that helps your server stay running in the event of an…
How to Set Up & Install Squid Proxy Server on Ubuntu 18.04
February 15, 2019
Squid is a Linux-based proxy application that can be used for filtering traffic, security, DNS lookups, and…
Author
Vladimir Kaplarevic
Vladimir is a resident Tech Writer at phoenixNAP. He has more than 7 years of experience in implementing e-commerce and online payment solutions with various global IT services providers. His articles aim to instill a passion for innovative technologies in others by providing practical advice and using an engaging writing style.