published on in ops
tags: ubuntu linux security

Automatic security updates with Ubuntu

To configure automatic updates on Ubuntu, you will first need to ensure that the unattended-upgrades package is installed.

sudo apt-get install unattended-upgrades

We then need to enable the package by running the following command (you will be prompted with a confirmation screen - select yes):

sudo dpkg-reconfigure -plow unattended-upgrades

Once enabled, edit the auto upgrades settings file (/etc/apt/apt.conf.d/20auto-upgrades) so it contains the following 4 lines (some may already exist):

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

These settings make apt check for updates daily and run a weekly cleanup of its download cache.

Finally, you may want to tweak the unattended upgrades settings file (/etc/apt/apt.conf.d/50unattended-upgrades). This file allows you to choose which updates are run and where apt can search for new updates.

Unattended-Upgrade::Allowed-Origins {
  "${distro_id}:${distro_codename}-security";
//  "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
//  "${distro_id}:${distro_codename}-backports";
};

It is recommended you stick with just security updates initially, unless you know what you are doing.

_Note: The variables ${distro_id} and ${distro_codename} are expanded automatically. I would comment out all entries except security._
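
To confirm that both files ended up as described above, the following shell check is an added example, not part of the original post. The function names (`periodic_value`, `active_origins`, `audit_auto_upgrades`, `demo`) are hypothetical, and the sample files written by `demo` are constructed.

```shell
#!/bin/sh
# Added example, not the post's code. Helper names are hypothetical.

# Last uncommented value of APT::Periodic::<key $2> in file $1.
periodic_value() {
    sed -n "s|^[[:space:]]*APT::Periodic::$2[[:space:]]*\"\([^\"]*\)\";.*|\1|p" "$1" | tail -n 1
}

# Uncommented entries inside the Allowed-Origins block of file $1.
active_origins() {
    sed -n '/^[[:space:]]*Unattended-Upgrade::Allowed-Origins[[:space:]]*{/,/^[[:space:]]*};/p' "$1" |
        sed -n 's|^[[:space:]]*"\([^"]*\)";.*|\1|p'
}

# Returns 0 only if both files match the settings described in the post.
audit_auto_upgrades() {
    periodic=${1:-/etc/apt/apt.conf.d/20auto-upgrades}
    unattended=${2:-/etc/apt/apt.conf.d/50unattended-upgrades}
    rc=0; security=no
    for want in Update-Package-Lists=1 Download-Upgradeable-Packages=1 \
                AutocleanInterval=7 Unattended-Upgrade=1; do
        actual=$(periodic_value "$periodic" "${want%%=*}")
        [ "$actual" = "${want#*=}" ] || { echo "FAIL ${want%%=*}: want ${want#*=}, found ${actual:-unset}"; rc=1; }
    done
    origins=$(active_origins "$unattended")
    while IFS= read -r origin; do
        case $origin in
            '') ;;                                  # no active entries at all
            *-security) security=yes ;;
            *) echo "WARN non-security origin enabled: $origin"; rc=1 ;;
        esac
    done <<EOF
$origins
EOF
    [ "$security" = yes ] || { echo "FAIL security origin is not enabled"; rc=1; }
    return "$rc"
}

# Constructed sample: two periodic keys missing and the -updates origin left on.
demo() {
    d=$(mktemp -d)
    printf 'APT::Periodic::%s;\n' 'Update-Package-Lists "1"' 'Unattended-Upgrade "1"' > "$d/20"
    printf '%s\n' 'Unattended-Upgrade::Allowed-Origins {' \
        '  "${distro_id}:${distro_codename}-security";' \
        '  "${distro_id}:${distro_codename}-updates";' '};' > "$d/50"
    status=0; audit_auto_upgrades "$d/20" "$d/50" || status=$?
    rm -rf "$d"; return "$status"
}
```

On a real host, calling `audit_auto_upgrades` with no arguments checks the two files under /etc/apt/apt.conf.d/. Running `sudo unattended-upgrade --dry-run --debug` afterwards shows which packages would be installed without changing anything.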