Install Updates And Security Patches Automatically In Ubuntu

Install Updates And Security Patches Automatically In Ubuntu

One of the important task of every system administrator is to update packages and apply security patches regularly.  Sometimes, it is much better if you allow your Ubuntu system to do this job itself. Today, We will be discussing an important topic – how to install updates and security patches automatically in Ubuntu. The unattended-upgrades package allows us to automatically install updated packages and security patches whenever they become available. We can either configure the system to update all packages or just install the security updates. This can be very useful when managing headless Ubuntu servers. Of course, you can configure this in your desktop too.

Install Updates And Security Patches Automatically In Ubuntu

To install software updates and security patches automatically, first we need to install unattended-upgrades package. To do so, run:

sudo apt install unattended-upgrades

Now, we have to configure the automatic updates.

Let us edit /etc/apt/apt.conf.d/50unattended-upgrades file:

sudo vi /etc/apt/apt.conf.d/50unattended-upgrades

and make the changes that fits to your needs.

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}";
 "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-updates";
// "${distro_id}:${distro_codename}-proposed";
// "${distro_id}:${distro_codename}-backports";
};

As you see in the above configuration, I have configured packages from security APT source to upgrade automatically. You can uncomment the other lines if you want to configure automatic updates from other APT sources such as updates, proposed, and backports, just uncomment the respective lines. Save and exit the file.

You can also blacklist some packages from being automatically updated by adding them in the blacklist like below. Anything that comes under this list will not be updated automatically.

// List of packages to not update (regexp are supported)
Unattended-Upgrade::Package-Blacklist {
// "vim";
// "libc6";
// "libc6-dev";
// "libc6-i686";
};

As per the above configuration, the packages called vim, libc6, libc6-dev, libc6-i686 will not be automatically updated. We have configured automatic updates.

Next, we need enable automatic updates. To do so edit /etc/apt/apt.conf.d/10periodic file:

sudo nano /etc/apt/apt.conf.d/10periodic

Make the changes accordingly.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";

As per the above configuration, the software sources will updated, the list of available updates will automatically downloaded and installed everyday. And then, the local cache folder will be cleared every week.

That’s it. You now know how to configure automatic updates in Ubuntu. Hope this helps. I will be soon here with another useful guide. Until then, stay tuned with OSTechNix and please share this article to your social networks.

Cheers!

Thanks for stopping by!

How can I benefit from this blog:

Have a Good day!!

You may also like...