How to enable automatic security updates for Ubuntu Server

If you’re not regularly checking your Ubuntu servers for available updates, you should at least enable them for automatic security updates. Jack Wallen shows you how.


Image: Jack Wallen

If there’s one thing server admins need to always take care of, it’s checking for and applying updates. When those updates get neglected, your servers wind up vulnerable, which could lead to attacks and data theft. To that end, you should always make time to regularly update. 

In the real world, we know that’s a task which can go ignored, especially when you find yourself constantly dealing with the daily grind of issues that arise. If that sounds like you, you might want to enable automatic security updates for your Ubuntu Servers. 

Let me show you how. 

Log in to your Ubuntu server and install the unattended upgrade package with the command:

 sudo apt-get install unattended-upgrades -y

Once that’s done, install the update-notifier-common package for automatic reboots with the command: 

sudo apt-get install update-notifier-common -y

Next, edit the 50unattended-upgrades file with the command: 

sudo nano /etc/apt/apt.conf.d/50unattended-upgrades

By default, security updates are enabled, so you don’t have to bother with that section. You might, however, want to enable automatic reboots. 

Scroll down to that section and you can define if automatic reboots are taken care of immediately or at a specific time. To enable automatic reboots, remove the leading // characters from the line Unattended-Upgrade::Automatic-Reboot “false”; and change false to true. 

You can then do the same for the Unattended-Upgrade::Automatic-Reboot “false” line and set it to the time you wish for the automatic reboot to occur (so it doesn’t happen during productivity hours). 

And that’s all there is to enabling automatic security updates for Ubuntu Server. Even if you don’t opt to enable the automatic reboots, you should at least make sure to enable the automatic update feature and then issue the command cat /var/run/reboot-required to see if a reboot is required. If so, you’ll see System Restart Required listed. Reboot your machine and enjoy those updates.