How to Install Security Updates Automatically on Debian and Ubuntu

It has been said before -and I couldn’t agree more- that some of the best system administrators are those who seem (note the use of the word seem here) to be lazy all the time.

While that may sound somewhat paradoxical, I bet it must be true in most cases – not because they are not doing the job they are supposed to be doing, but rather because they have automated most of it.

One of the critical needs of a Linux system is to be kept up to date with the latest security patches available for the corresponding distribution.

In this article we will explain how to set up your Debian and Ubuntu system to auto install (or update) essential security packages or patches automatically when needed.

Other Linux distributions such as CentOS/RHEL configured to install security updates automatically.

Needless to say, you will need superuser privileges in order to perform the tasks outlined in this article.

Configure Automatic Security Updates On Debian/Ubuntu

To begin, install the following packages:

# aptitude update -y && aptitude install unattended-upgrades apt-listchanges -y

where apt-listchanges will report what has been changed during an upgrade.

Next, open /etc/apt/apt.conf.d/50unattended-upgrades with your preferred text editor and add this line inside the Unattended-Upgrade::Origins-Pattern block:

Unattended-Upgrade::Mail "root";

Finally, use the following command to create and populated the required configuration file (/etc/apt/apt.conf.d/20auto-upgrades) to activate the unattended updates:

# dpkg-reconfigure -plow unattended-upgrades

Choose Yes when prompted to install unattended upgrades:

Configure Unattended Security Updates on Debian
Configure Unattended Security Updates on Debian

then check that the following two lines have been added to /etc/apt/apt.conf.d/20auto-upgrades:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

And add this line to make reports verbose:

APT::Periodic::Verbose "2";

Last, inspect /etc/apt/listchanges.conf to make sure notifications will be sent to root.

Notify Security Updates on Debian
Notify Security Updates on Debian

In this post we have explained how to make sure your system is updated regularly with the latest security patches. Additionally, you learned how to set up notifications in order to keep yourself informed when patches are applied.

Do you have any questions about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.

Hey TecMint readers,

Exciting news! Every month, our top blog commenters will have the chance to win fantastic rewards, like free Linux eBooks such as RHCE, RHCSA, LFCS, Learn Linux, and Awk, each worth $20!

Learn more about the contest and stand a chance to win by sharing your thoughts below!

Gabriel Cánepa
Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Each tutorial at TecMint is created by a team of experienced Linux system administrators so that it meets our high-quality standards.

Join the TecMint Weekly Newsletter (More Than 156,129 Linux Enthusiasts Have Subscribed)
Was this article helpful? Please add a comment or buy me a coffee to show your appreciation.

8 Comments

Leave a Reply
  1. Thanks.

    A thing that would make the post even better would be adding a short sentence to each step explaining why we are doing this and what effect it has.

    Reply
  2. Hi, I have the same questions about the notifications as Mr. Mossmann. How and when is the notification displayed or do I need to fetch them myself from where?
    Thanks

    Reply
  3. It is possible de run this command with noninteractive mode ? :

    dpkg-reconfigure -plow unattended-upgrades

    because I have a lot a server to configure a Security Updates Automatically …

    THANKS FOR ANSWERS

    Reply

Got Something to Say? Join the Discussion...

Thank you for taking the time to share your thoughts with us. We appreciate your decision to leave a comment and value your contribution to the discussion. It's important to note that we moderate all comments in accordance with our comment policy to ensure a respectful and constructive conversation.

Rest assured that your email address will remain private and will not be published or shared with anyone. We prioritize the privacy and security of our users.