How to automate security updates on Ubuntu Server

Is your Linux server running Ubuntu? Are you sick of taking time out of your busy schedule to update it? Do you want your Ubuntu server to update itself automatically? If so, you need to enable the “unattended-upgrades” feature. In this guide, we’ll show you how to set it up and automate security updates on Ubuntu Server.

Note: though this guide is focused on setting up the “unattended-upgrades” feature on Ubuntu Server, it’s also possible to configure it on the Ubuntu desktop, as well as on any Linux desktop operating system based on Ubuntu.

Install “unattended-upgrades” packages on Ubuntu

Unattended-upgrades is a feature of Ubuntu Linux, but it is not installed by default as the developers of the operating system do not feel that it should be. So, before we can get into setting everything up, we must demonstrate how to install it.

Using the Apt command below, install the “unattended-upgrades” package, along with the other packages it needs to run correctly, on your Ubuntu Linux server or desktop PC.

Note: during the installation of these packages, you may notice a message regarding “postfix.” Go through the configuration process to configure your SMTP email address, as it is required to send email notifications with the “Unattended-upgrades” feature. For more help on setting up Postfix, please refer to the official Ubuntu documentation.

sudo apt install unattended-upgrades bsd-mailx apt-listchanges

After installing the packages from the command above, move on to the configuration stage of this guide.

Configure “unattended-upgrades” on Ubuntu

Simply installing the “unattended-upgrades” package isn’t enough. You must also go through the configuration process so that your Ubuntu system can use the feature. To configure “unattended-upgrades” start out by running the dpkg-reconfigure command in a terminal window.

sudo dpkg-reconfigure -plow unattended-upgrades

Upon running the dpkg-reconfigure command, a purple GUI window will appear in the terminal. In this window, you’ll see a message that states “automatically download and install stable updates?” Use the Enter key to select “Yes.” Selecting this option will enable automatic updates on your Ubuntu Linux system.

Set up email confirmation

While it is not required, the “unattended-upgrades” feature can easily be configured so that it sends out an email before each upgrade telling you that your Ubuntu Linux system is updating and detailing which packages were upgraded.

Setting up this feature starts by launching a terminal window and opening up the “50unattended-upgrades” configuration file. Using the command below, launch the configuration file in the Nano text editor.

sudo nano -w /etc/apt/apt.conf.d/50unattended-upgrades

In the Nano text editor, locate Unattended-Upgrade::Mail and add in your email address, so that your Ubuntu Linux PC can send out the email report. The configuration should look exactly like the example below.

Unattended-Upgrade::Mail "My-Private-Email@email.com";

Next, find Unattended-Upgrade::MailOnlyOnError and change it from “true” to “false.”

Note: Having trouble finding Unattended-Upgrade::Mail in the configuration file? Press Ctrl + W to bring up the search function in Nano, type in Unattended-Upgrade::Mail, and the cursor will jump straight to it!

After setting up your email address in the configuration file, save the edits by pressing Ctrl + O. Close Nano with Ctrl + X. Then, open “listchanges.conf” and add your email address to this file as well.

sudo nano -w /etc/apt/listchanges.conf

Once again, save with Ctrl + O, and exit with Ctrl + X.

Set up automatic reboot

On Ubuntu Linux, some software updates require the entire system to restart. Unfortunately, restarting Ubuntu after an update is tedious and time-consuming, so if you want to make the most out of automating updates on Ubuntu, setting up automatic restart is critical.

Warning: setting up automatic reboot means that your system will restart any time it is required without asking for your confirmation. If you are not comfortable with having your Ubuntu machine do this, skip this section.

Setting up automatic restart in Ubuntu Linux means once again editing the “50unattended-upgrades” configuration file. In the terminal, open up the configuration file in Nano with the command below.

sudo nano -w /etc/apt/apt.conf.d/50unattended-upgrades

Inside the configuration file, find “Unattended-Upgrade::Automatic-Reboot” and change it from “False” to “True.” Then, save the edits to the configuration file in the Nano text editor by pressing Ctrl + O on the keyboard. Close Nano by pressing Ctrl + X.

Testing automatic Ubuntu updates

Now that Ubuntu Linux is configured to install software updates automatically on your Linux PC, it’s a good idea to test it. To run a test, open up a terminal window and run the unattended-upgrades command with the “dry-run” command-line switch. Keep in mind that this test will not update anything. It is a simulation to show you how the automatic update system works.

sudo unattended-upgrades --dry-run

The test should take a few minutes. When it is done, check your email for the report.
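
The dry run shows what would be upgraded, but it does not tell you whether every setting from the steps above is actually active (a line left commented out with // is silently ignored). The script below is an added example, not part of the original guide: the function names and the sample configuration are constructed for illustration, and it also checks APT::Periodic::Unattended-Upgrade, the key that the dpkg-reconfigure step writes to /etc/apt/apt.conf.d/20auto-upgrades.

```shell
#!/bin/sh
# Added example: audit the settings changed in this guide.
# Input is apt.conf text in flat `Key "value";` form, which is also what
# `apt-config dump` prints for the merged configuration on a live host.

# conf_value FILE KEY: print the value of the last active `KEY "value";`
# line. Lines commented out with // do not match and are ignored.
conf_value() {
    sed -n "s|^[[:space:]]*$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1" | tail -n 1
}

# is_true VALUE: succeed when VALUE is "true" in any letter case.
is_true() {
    [ "$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')" = "true" ]
}

# audit_unattended FILE: report each setting, return 1 if any check fails.
audit_unattended() {
    rc=0
    [ "$(conf_value "$1" 'APT::Periodic::Unattended-Upgrade')" = "1" ] ||
        { echo "FAIL: APT::Periodic::Unattended-Upgrade is not \"1\""; rc=1; }
    case $(conf_value "$1" 'Unattended-Upgrade::Mail') in
        *@*) ;;
        *) echo "FAIL: Unattended-Upgrade::Mail has no address"; rc=1 ;;
    esac
    if is_true "$(conf_value "$1" 'Unattended-Upgrade::MailOnlyOnError')"; then
        echo "FAIL: MailOnlyOnError is true, routine reports are suppressed"; rc=1
    fi
    if is_true "$(conf_value "$1" 'Unattended-Upgrade::Automatic-Reboot')"; then
        echo "NOTE: Automatic-Reboot is on, the host restarts without asking"
    else
        echo "NOTE: Automatic-Reboot is off, reboot-requiring updates wait"
    fi
    return $rc
}

# Constructed sample: the state after following every step of the guide.
sample=$(mktemp)
cat > "$sample" <<'EOF'
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
//Unattended-Upgrade::Mail "";
Unattended-Upgrade::Mail "My-Private-Email@email.com";
Unattended-Upgrade::MailOnlyOnError "false";
Unattended-Upgrade::Automatic-Reboot "True";
EOF
audit_unattended "$sample" && echo "PASS: configuration matches the guide"
rm -f "$sample"
```

On a real server, run apt-config dump, save its output to a file, and pass that file to audit_unattended in place of the constructed sample.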
