How to Install Security Updates Automatically on Debian and Ubuntu

It has been said before -and I couldn’t agree more- that some of the best system administrators are those who seem (note the use of the word seem here) to be lazy all the time.

While that may sound somewhat paradoxical, I bet it must be true in most cases – not because they are not doing the job they are supposed to be doing, but rather because they have automated most of it.

One of the critical needs of a Linux system is to be kept up to date with the latest security patches available for the corresponding distribution.

In this article we will explain how to set up your Debian and Ubuntu system to auto install (or update) essential security packages or patches automatically when needed.

Other Linux distributions such as CentOS/RHEL configured to install security updates automatically.

Needless to say, you will need superuser privileges in order to perform the tasks outlined in this article.

Configure Automatic Security Updates On Debian/Ubuntu

To begin, install the following packages:

# aptitude update -y && aptitude install unattended-upgrades apt-listchanges -y

where apt-listchanges will report what has been changed during an upgrade.

Next, open /etc/apt/apt.conf.d/50unattended-upgrades with your preferred text editor and add this line inside the Unattended-Upgrade::Origins-Pattern block:

Unattended-Upgrade::Mail "root";

Finally, use the following command to create and populated the required configuration file (/etc/apt/apt.conf.d/20auto-upgrades) to activate the unattended updates:

# dpkg-reconfigure -plow unattended-upgrades

Choose Yes when prompted to install unattended upgrades:

Configure Unattended Security Updates on Debian

Configure Unattended Security Updates on Debian

then check that the following two lines have been added to /etc/apt/apt.conf.d/20auto-upgrades:

APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Unattended-Upgrade "1";

And add this line to make reports verbose:

APT::Periodic::Verbose "2";

Last, inspect /etc/apt/listchanges.conf to make sure notifications will be sent to root.

Notify Security Updates on Debian

Notify Security Updates on Debian

In this post we have explained how to make sure your system is updated regularly with the latest security patches. Additionally, you learned how to set up notifications in order to keep yourself informed when patches are applied.

Do you have any questions about this article? Feel free to drop us a note using the comment form below. We look forward to hearing from you.

If You Appreciate What We Do Here On TecMint, You Should Consider:

TecMint is the fastest growing and most trusted community site for any kind of Linux Articles, Guides and Books on the web. Millions of people visit TecMint! to search or browse the thousands of published articles available FREELY to all.

If you like what you are reading, please consider buying us a coffee ( or 2 ) as a token of appreciation.

Support Us

We are thankful for your never ending support.

Gabriel Cánepa

Gabriel Cánepa is a GNU/Linux sysadmin and web developer from Villa Mercedes, San Luis, Argentina. He works for a worldwide leading consumer product company and takes great pleasure in using FOSS tools to increase productivity in all areas of his daily work.

Your name can also be listed here. Got a tip? Submit it here to become an TecMint author.

RedHat RHCE and RHCSA Certification Book
Linux Foundation LFCS and LFCE Certification Preparation Guide

You may also like...

8 Responses

  1. petermeissner says:

    Thanks.

    A thing that would make the post even better would be adding a short sentence to each step explaining why we are doing this and what effect it has.

  2. Doug says:

    What a legend. Thank you for an awesome post just set my little VPS up to auto update.

  3. Sebastian Müller says:

    Hi, I have the same questions about the notifications as Mr. Mossmann. How and when is the notification displayed or do I need to fetch them myself from where?
    Thanks

  4. max says:

    it uses cron.daily

  5. Pol says:

    Hi, thanks for your howto, very useful! Does cron start unattended-upgrade?

  6. gaston louis says:

    It is possible de run this command with noninteractive mode ? :

    dpkg-reconfigure -plow unattended-upgrades

    because I have a lot a server to configure a Security Updates Automatically …

    THANKS FOR ANSWERS

  7. gaston says:

    Famous !

    question : we don’t have to use CRON to periodic check when security update is available ?
    how that run ?

    Thanks

  8. Michael Mossman says:

    Is it possible to notify ANOTHER user, e.g. my regular user login? Also, how are the notifications displayed?

Got something to say? Join the discussion.

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.