Setup Automatic Security Updates On Ubuntu

ubuntu-automatic-security-updates.md

Setup Automatic Security Updates On Ubuntu

Install unattended-upgrade pkg

• (Might already be installed depending on your Ubuntu release)

sudo apt update
sudo apt install unattended-upgrades

Configure unattended-upgrade for security updates only

sudo vim /etc/apt/apt.conf.d/50unattended-upgrades

Unattended-Upgrade::Allowed-Origins {
//      "${distro_id}:${distro_codename}";
        "${distro_id}:${distro_codename}-security";
        // Extended Security Maintenance; doesn't necessarily exist for
        // every release and this system may not have it installed, but if
        // available, the policy for updates is such that unattended-upgrades
        // should also install from here by default.
//      "${distro_id}ESM:${distro_codename}";
//      "${distro_id}:${distro_codename}-updates";
//      "${distro_id}:${distro_codename}-proposed";
//      "${distro_id}:${distro_codename}-backports";
};

Alternatively configure to blacklist updates from certain packages

Unattended-Upgrade::Package-Blacklist {
         "vim";
         "nginx";
 //      "libc6";
 //      "libc6-dev";
 //      "libc6-i686";
 };

Enable and configure for automatic updates to run every day

sudo vim /etc/apt/apt.conf.d/20auto-upgrades

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";

Logs

/var/log/unattended-upgrades.

Run

sudo unattended-upgrade -d

Links

https://help.ubuntu.com/18.04/serverguide/automatic-updates.html