Friday, November 15, 2024
Google search engine
HomeSecurity & TestingHow to Setup and Enable Automatic Security Updates on Ubuntu

How to Setup and Enable Automatic Security Updates on Ubuntu

Introduction

Failing to keep your Ubuntu operating system packages up-to-date risks overall security.

Managing the process manually, wastes valuable resources and can even lead to overlooking essential security updates. There is a better solution. In this tutorial, we will explain how to Enable automatic security updates in Ubuntu 18.04.

how to set up automatic security updates on ubuntu 18.04how to set up automatic security updates on ubuntu 18.04

Prerequisites

  • A command-line/terminal window (Ctrl-Alt-T)
  • A user account with sudo or root privileges
  • The apt package manager, included by default

Step 1: Install unattended-upgrades Package

1. Install the unattended-upgrade package by running the following command:

sudo apt install unattended-upgrades

2. Verify the installation:

systemctl status unattended-upgrades

The output that confirms a successful installation and active status appears as below:

example for confirmation of successful installation of unattended upgrades serviceexample for confirmation of successful installation of unattended upgrades service

Step 2: Configure unattended-upgrades File

Now that you have completed the installation, we need to configure individual elements and define the parameters for the auto updates.

This example uses the nano text editor. However, any other text editor will work.

Accessing the Configuration File

The unattended-upgrades configuration file is found in the /etc/apt/apt.conf.d directory.

Access the configuration file with the following command:

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
example of the configuration fileexample of the configuration file

The unattended-upgrades package ignores lines that start with // as that line is considered to be a comment.

If you want a repository to update automatically, you need to remove // from that line.

For our purposes, we only need to remove // from the “security” line.

Blacklist Packages

The Unattended-Upgrade::Package-Blacklist section of the config file allows you to block upgrades for specific packages.

1. To block upgrades for specific packages, add the desired package name to the list. Remember to remove // to uncomment the line. In this example, vim and nginx.

ehample of adding packages to a listehample of adding packages to a list

2. Save the changes you made and exit the file.

Email Notifications

Automatic updates can run into issues. If an error does occur, the system can be set up to notify you via email. To enable this option remove // and edit the following lines:

Unattended-Upgrade::Mail example@email.com;

Unattended-Upgrade::MailOnlyOnError “true”;

example of enabling email updates for security alerts example of enabling email updates for security alerts

Step 3: Enable Automatic Upgrades

The final step to enable Ubuntu automatic updates is to edit the auto-upgrades file with the command:

sudo nano /etc/apt/apt.conf.d/20auto-upgrades
example of how to edit how often the updates run on ubuntuexample of how to edit how often the updates run on ubuntu

This file allows you to define how often the auto updates take place.

  • Update-Package-Lists: 1 enables auto-update, 0 disables.
  • Unattended-Upgrade: 1 enables auto-upgrade, 0 disables.
  • AutocleanInterval: Enables auto clean packages for X days. This configuration displays 7 days

For example, APT::Periodic::AutocleanInterval “7”; means that the system will clear the download archive every seven (7) days.

Step 4: Testing Automatic Upgrades

To verify that the automatic upgrades are set up correctly perform a dry run. The dry run command ensures that the update is only a simulation and that no actual changes will take place. Use the command:

sudo unattended-upgrades --dry-run --debug
example of using the dryrun command to verify auto updates are successfully setupexample of using the dryrun command to verify auto updates are successfully setup

Another option to check if the settings are applied correctly is to access the unattended-upgrades log. The log provides a detailed overview of previous upgrades:

/var/log/unattended-upgrades/unattended-upgrades.log

Conclusion

By following this guide, you have successfully installed, configured and enabled automatic security updates on Ubuntu.

Your system is now protected by the latest security packages at all times, making the whole process fully automated.

Was this article helpful?
YesNo

RELATED ARTICLES

Most Popular

Recent Comments