One of the no. 1 things we recommend is keeping your operating system up to date!
The means to automate the process is pretty straight forward.
This procedure is pretty much the same for Ubuntu or Debian
Step 1: package installation
sudo apt install unattended-upgrades
This package may already be installed on your server.
Step 2: configure automatic updates
Edit the configuration file (here with nano – replace with any other text editor):
sudo nano /etc/apt/apt.conf.d/50unattended-upgrades
The beginning of the configuration file should look like this:
Anything after a double slash “
// ” is a comments and has no effect. To “enable” a line, remove the double slash at the beginning of the line (replace with nothing or with spaces to keep alignment).
The most important: uncomment the “
updates ” line by deleting the two slashes at the beginning of it:
Optional: You should uncomment and adapt the following lines to ensure you’ll be notified if an error happens:
Unattended-Upgrade::Mail "[email protected]";
Recommended: remove unused kernel packages and dependencies and make sure the system automatically reboots if needed by uncommenting and adapting the following lines:
↑ You may have to add a semicolon at the end of this line. ↑
Unattended-Upgrade::Automatic-Reboot "true";Unattended-Upgrade::Automatic-Reboot-Time "02:38";
To save your changes in nano , use Ctrl + O followed by Enter. To quit, use Ctrl + X.
Step 3: enable automatic updates
Enable automatic updates and set up update intervals by running:
sudo nano /etc/apt/apt.conf.d/20auto-upgrades
In most cases, the file will be empty. Copy and paste the following lines:
The time interval are specified in days, feel free to change the values. Save changes and exit.
Step 4: check if it works
You can see if the auto-upgrades work by launching a dry run:
sudo unattended-upgrades --dry-run --debug
The dry run should output something like this:
Another way to check if automatic updates work is waiting a few days and checking the unattended upgrades logs: