How to Set Up Automatic Security Updates on Ubuntu

Keeping your system updated is one of the most effective ways to protect against vulnerabilities. Ubuntu makes it easy to configure automatic security updates so that critical patches are applied without manual intervention.

Step 1: Install the unattended-upgrades Package

This package handles the automatic download and installation of security updates.

sudo apt update
sudo apt install unattended-upgrades

Step 2: Enable Unattended Upgrades

You can enable the feature with the following command, which runs a guided configuration tool:

sudo dpkg-reconfigure --priority=low unattended-upgrades

Select “Yes” when prompted to automatically install security updates.

Step 3: Configure Automatic Updates (Optional)

For more control, edit the configuration file located at:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

You can specify which updates to install, enable automatic reboots, or configure email notifications.

//Unattended-Upgrade::Automatic-Reboot "true";

Step 4: Configure the Update Timer

To control how often your system checks for updates, edit the following file:

sudo nano /etc/apt/apt.conf.d/10periodic

Here’s a basic example:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

These values tell the system to check daily for updates, download them, and install them automatically.

Step 5: View Update Logs

You can check which packages were installed automatically by looking at the logs:

cat /var/log/unattended-upgrades/unattended-upgrades.log

Conclusion

Enabling automatic security updates on your Ubuntu server is a simple but effective way to stay protected. While it’s not a replacement for full system monitoring, it ensures critical patches are applied without delay.