1. Knowledge Base
  2. Linux Os
  3. How to Set Up Unattended Upgrades on Linux

How to Set Up Unattended Upgrades on Linux

A Step-by-Step Guide for System Administrators and IT Professionals

Introduction

Unattended upgrades are essential for maintaining the security and stability of Linux systems. By automatically installing important updates, this service helps protect servers and workstations from vulnerabilities without requiring manual intervention. This guide provides clear, step-by-step instructions for updating your system, installing and configuring the Unattended Upgrades service, backing up its configuration, and customizing automatic update preferences.

Step 1: Update and Upgrade System Packages

Before configuring automatic updates, ensure your system is current. This minimizes compatibility issues and applies the latest security patches.

1.      Update the package index:

2.      sudo apt update

3.      This command refreshes the list of available packages and updates their versions.

4.      Upgrade installed packages:

5.      sudo apt upgrade -y

6.      This command installs the newest versions of all packages currently installed on the system.

Step 2: Install, Enable, and Start Unattended Upgrades

Unattended Upgrades is a package that automatically installs security updates. Follow these steps to install and activate it.

1.      Install Unattended Upgrades and its dependencies:

2.      sudo apt install unattended-upgrades -y

3.      This command installs the unattended-upgrades package and any required dependencies.

4.      Enable the service to run automatically:

5.      sudo systemctl enable unattended-upgrades

6.      Enables the service to start at boot.

7.      Start the service:

8.      sudo systemctl start unattended-upgrades

9.      Starts the service immediately.

10. Check service status (optional):

11. sudo systemctl status unattended-upgrades

12. Verifies that the service is running as expected.

Step 3: Backup the Default Configuration File

Before making any changes, it's best practice to back up the original configuration file. This allows you to restore the default settings if needed.

1.      Backup the configuration file:

2.      sudo cp /etc/apt/apt.conf.d/50unattended-upgrades /etc/apt/apt.conf.d/50unattended-upgrades.bak

3.      This command copies the original configuration file to a backup file with the .bak extension.

Step 4: Edit Configuration File for Automatic Update Preferences

Customize your automatic update settings by editing the Unattended Upgrades configuration file. Key preferences include specifying which updates are applied.

1.      Open the configuration file with nano:

2.      sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

3.      This command opens the configuration file for editing in the nano text editor.

4.      Locate the "Allowed-Origins" section:

5.      Scroll to find the Allowed-Origins list. This section determines which updates are automatically installed.

6.      Uncomment desired lines:

7.      To activate a line, remove the double slashes (//) at the beginning. For example:

8.      "Ubuntu stable";

9.      "Ubuntu-security";

10. This enables updates from the specified repositories.

11. Save and exit nano:

12. Press Ctrl+O to save, then Ctrl+X to exit.

Conclusion

By updating your system, installing and configuring Unattended Upgrades, backing up its configuration, and customizing update preferences, you ensure your Linux environment remains secure and up to date with minimal manual effort. For further customization, refer to the official documentation or consult your organization's security policy. Regularly monitor logs and service status to verify updates are applied as expected.