Install Updates And Security Patches Automatically In Ubuntu

By sk

One of the important tasks of every system administrator is to update packages and apply security patches regularly. Today, we will discuss how to install updates and security patches automatically in Ubuntu. To make this task easier, Debian-based systems provide a package named unattended-upgrades. It allows us to automatically install updated packages and security patches whenever they are available. We can configure the system either to update all packages or to install only the security updates. This can be very useful when managing headless Ubuntu servers. Of course, you can configure this on your desktop too.

Install Updates And Security Patches Automatically In Ubuntu

To install software updates and security patches automatically, we first need to install the unattended-upgrades package. To do so, run:

$ sudo apt install unattended-upgrades

Now, we have to configure the automatic updates.

Let us edit the /etc/apt/apt.conf.d/50unattended-upgrades file:

$ sudo vi /etc/apt/apt.conf.d/50unattended-upgrades

and make the changes that fit your needs.

// Automatically upgrade packages from these (origin:archive) pairs
Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
//  "${distro_id}:${distro_codename}-updates";
//  "${distro_id}:${distro_codename}-proposed";
//  "${distro_id}:${distro_codename}-backports";
};

As you can see in the above configuration, I have configured packages from the security APT source to upgrade automatically. If you want automatic updates from other APT sources such as updates, proposed, and backports, uncomment the respective lines. Save and exit the file.

You can also exclude some packages from being automatically updated by adding them to the blacklist as shown below. Anything in this list will not be updated automatically.

// List of packages to not update (regexp are supported)
// Entries must be uncommented to take effect
Unattended-Upgrade::Package-Blacklist {
    "vim";
    "libc6";
    "libc6-dev";
    "libc6-i686";
};

As per the above configuration, the packages called vim, libc6, libc6-dev, libc6-i686 will not be automatically updated. We have configured automatic updates.

Next, we need to enable automatic updates. To do so, edit the /etc/apt/apt.conf.d/10periodic file:

$ sudo nano /etc/apt/apt.conf.d/10periodic

Make the changes accordingly.

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

As per the above configuration, the package lists will be refreshed and the available updates will be downloaded and installed automatically every day. The local cache folder will be cleared every week.
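To confirm that a configuration like the one above really installs updates rather than only downloading them, the following audit script (an added example, not part of the original article) parses the two file formats shown and reports what is active. The function names and the sample fragments are constructed for illustration.

```shell
# Added example: audit apt configuration fragments for automatic-upgrade settings.
# periodic_value FILE KEY: print APT::Periodic::KEY; empty if unset or commented out.
periodic_value() {
    sed -n "s|^[[:space:]]*APT::Periodic::$2[[:space:]]*\"\([^\"]*\)\"[[:space:]]*;.*|\1|p" "$1" | tail -n 1
}

# active_entries FILE LIST: print uncommented entries of "Unattended-Upgrade::LIST { ... };".
active_entries() {
    awk -v start="Unattended-Upgrade::$2" '
        /^[ \t]*\/\// { next }                                  # skip // comment lines
        index($0, start) && index($0, "{") { inblk = 1; next }  # block header
        inblk && $1 ~ /^[}]/ { inblk = 0 }                      # closing "};"
        inblk && match($0, /"[^"]*"/) { print substr($0, RSTART + 1, RLENGTH - 2) }
    ' "$1"
}

# audit PERIODIC_FILE UPGRADES_FILE: return 0 only if package lists are refreshed,
# upgrades are installed, and a -security origin is enabled.
audit() {
    rc=0
    for key in Update-Package-Lists Unattended-Upgrade; do
        v=$(periodic_value "$1" "$key")
        case "$v" in
            ""|0) echo "FAIL: APT::Periodic::$key is unset or 0"; rc=1 ;;
            *)    echo "ok:   APT::Periodic::$key = $v" ;;
        esac
    done
    active_entries "$2" Allowed-Origins | grep -q -- '-security$' ||
        { echo "FAIL: no -security origin is enabled"; rc=1; }
    return $rc
}

# Constructed sample fragments (not read from a real system).
demo=$(mktemp -d)
cat > "$demo/50unattended-upgrades" <<'EOF'
Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}-security";
// "${distro_id}:${distro_codename}-proposed";
};
Unattended-Upgrade::Package-Blacklist {
 "vim";
};
EOF
printf '%s\n' 'APT::Periodic::Update-Package-Lists "1";' \
    'APT::Periodic::Download-Upgradeable-Packages "1";' > "$demo/download-only"
{ cat "$demo/download-only"; echo 'APT::Periodic::Unattended-Upgrade "1";'; } > "$demo/install"

audit "$demo/download-only" "$demo/50unattended-upgrades" || echo "=> download-only: nothing gets installed"
audit "$demo/install" "$demo/50unattended-upgrades" && echo "=> install: upgrades will be applied"
```

On a live system, `apt-config dump APT::Periodic` prints the values apt actually uses after merging every file in /etc/apt/apt.conf.d, and `sudo unattended-upgrade --dry-run --debug` shows which packages would be upgraded without changing anything.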
