Regularly updating your server is a crucial aspect to the overall security of your system. Sysadmins must be concerned about the security of Linux servers. Installing security updates on time fixes vulnerabilities that could be exploited by malicious individuals to gain access to the system.
Manually updating your Linux system is a task that’s easy to overlook, especially when you’re always dealing with other issues that arise. Configuring automatic updates provides an easy way to get the security patches and feature updates regularly.
This guide will discuss how to enable automatic updates on Ubuntu 20.04.
Step 1: Install unattended-upgrades package
The unattended-upgrades package allows you to configure automatic updates. The package ensures that your system is up to date on all security and feature upgrades.
First, lets install the unattended-upgrades package via the apt package manager as shown:
$ sudo apt install unattended-upgrades
Next, confirm the package was installed using the following systemctl command:
$ sudo systemctl status unattended-upgrades
The unattended-upgrades service is now up and running.
Next, let’s install the update-notifier-common package to enable automatic updates.
$ sudo apt install update-notifier-common
Step 2: Configure unattended-upgrades service
Now let’s make changes to the unattended-upgrades configuration file.
This file allows you to specify which packages should automatically be updated or excluded during the update process. By default, only security updates are set to be automatically installed.
$ sudo vim /etc/apt/apt.conf.d/50unattended-upgrades
The configurations in the file are commented using the double slash (//). Uncomment or remove the double slash if you want to update a repository or make changes in your settings.
To exclude a package from being updated, include it in the Unattended-Upgrade::Package-Blacklist section. For example, to prevent Nginx from being updated, include the name as shown below:
Step 3: Set up email notifications
It’s a good idea to set up e-mail notifications, especially if you’re running unattended servers. You can also select “only-on-error” to receive notifications only when there is an error. Locate the line below to set up an email.
//Unattended-Upgrade::Mail " ";
Make sure to provide the email address of the receiver.
Unattended-Upgrade::Mail "[email protected] ";
In addition, you can also select “only-on-error” to receive notifications only when there is an error. Selecting email “on-change” in the configuration file allows you to receive notifications when software changes.
Uncomment the following line and change it according to your preferences. //Unattended-Upgrade::MailReport “on-change”;
Step 4: Enable Automatic Reboot
It’s always a good idea to restart the server after applying security updates so that the kernel can be updated. You can activate an automated reboot in the line shown below:
//Unattended-Upgrade::Automatic-Reboot "false";
Set it to true to enable automatic reboot.
If there are any users logged in and you still want to reboot locate the following line and set it to true”
// Unattended-Upgrade::Automatic-Reboot-WithUsers "true";
You can specify the time the automatic reboot will occur.
// Unattended-Upgrade::Automatic-Reboot-Time "04:00";
There are many other settings you can change to suit your needs. Simply uncomment them as we have discussed in this section.
Once you are done, save the changes and exit the configuration file.
Step 5: Enable automatic updates
In this step we will enable automatic upgrades. Edit the 20auto-upgrades configuration file as follows:
$ sudo vim /etc/apt/apt.conf.d/20auto-upgrades
This file has only two lines as shown.
The first line is responsible for updating the package lists, while the second initiates the automated upgrades. The auto-update and auto-upgrade are enabled by the value “1.” Set this value to “0” if you wish to disable it.
Conclusion
You have successfully configured Ubuntu 20.04 to receive automatic updates. You can be confident that your packages will always be updated.
Karim Buzdar holds a degree in telecommunication engineering and holds several sysadmin certifications including CCNA RS, SCP, and ACE. As an IT engineer and technical author, he writes for various websites.
