How to Keep Ubuntu Updated with Automatic Security Updates

Keeping your Ubuntu system updated is essential for security and stability. Automatic security updates ensure that your system is always protected from vulnerabilities. In this guide, we will show you how to set up and configure automatic security updates on Ubuntu.

← Back

Step 1: Update Your Package List

Before setting up automatic security updates, ensure that your package list is up to date. Open the terminal and run the following command to update your package list:

sudo apt update

This command will download the latest package information from the repositories.

Step 2: Install Unattended Upgrades

Ubuntu uses the unattended-upgrades package to automatically install security updates. To install it, run the following command:

sudo apt install unattended-upgrades

If it's already installed, you can skip this step.

Step 3: Configure Unattended Upgrades

Once the package is installed, you need to configure it. The configuration file for unattended upgrades is located at /etc/apt/apt.conf.d/50unattended-upgrades. Open this file in a text editor:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

In this file, ensure that the lines for security updates are uncommented. Look for the following lines:

Unattended-Upgrade::Allowed-Origins {
        "${distro_id}:${distro_codename}-security";
      };

This tells the system to only apply security updates automatically. You can also uncomment other lines to enable additional automatic updates for other package types if desired.

Step 4: Enable Automatic Updates

Next, you'll need to enable the automatic updates service. To do this, open the following configuration file:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades

Ensure the following two lines are present and set to "1":

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

These lines enable the automatic download and installation of security updates on your system.

Step 5: Restart the System or Services

Once the configuration is done, you can restart your system or simply restart the services to apply the changes:

sudo systemctl restart unattended-upgrades

Step 6: Verify Automatic Updates are Working

To verify that automatic updates are working, you can check the logs in /var/log/unattended-upgrades:

cat /var/log/unattended-upgrades/unattended-upgrades.log

This file will contain a log of all the automatic updates applied to your system. You should see entries for security updates that have been installed.

Step 7: Check for Updates Manually

If you want to check for updates manually, you can always run the following command:

sudo apt update && sudo apt upgrade

This will check for available updates and prompt you to install them. However, with automatic updates configured, this step should be done automatically without your intervention.

Conclusion

By following these steps, you’ve set up automatic security updates on your Ubuntu system, ensuring that your system remains secure and up to date without requiring manual intervention. Regularly checking your update logs and configuring additional packages for automatic updates is a good practice to keep your system safe and optimized.

← Back