How to Enable Automatic Updates on Ubuntu 20.04

One of the crucial administration roles that any sysadmin is tasked to do is to ensure that the security patches and feature updates are regularly applied. Security updates address pre-existing vulnerabilities that can be exploited by malicious users to breach the system. Delayed patching of system packages may result in system breaches where confidential information is access and exfiltrated. Manually updating packages on Ubuntu - and any Linux system for that matter - is a tedious task and wastes a lot of your precious time. This is time that could have been spent elsewhere performing more productive tasks. As a workaround, configuring automatic updates on a Linux server comes highly recommended. In this guide, we walk you through how to enable automatic updates on Ubuntu 20.04.

Configuration of automatic updates is made possible by the unattended-upgrades package. The package keeps your system in sync with the latest security and feature updates. We are going to show you how to install the package, and later how to modify the configuration file to control which updates are upgraded and how you can send email alerts.

Step 1: Install unattended-upgrades package

As discussed before, the first step is to install the unattended-upgrades package. To achieve this, we will use the APT package manager as follows:

$ sudo apt install unattended-upgrades

When the installation is complete, verify using the following systemctl command:

$ sudo systemctl status unattended-upgrades

By default, the unattended-upgrades daemon should run once the installation is complete as evidenced in the screenshot below.

Check status of unattended-upgrades
Check status of unattended-upgrades

To set automatic updates, we are going to install the update-notifier-common package.:

$ sudo apt install update-notifier-common
Install update-notifier-common
Install update-notifier-common

Step 2: Configure unattended-upgrades service

In this step, we are going to make changes to the unattended-upgrades configuration file.

$ sudo vim /etc/apt/apt.conf.d/50unattended-upgrades

The file helps you to specify which packages should automatically be updated or skipped during the update process. By default, however, only security updates are set to be automatically installed as shown in the lines below. Therefore, no action is needed.

Line starting with double slashes ( // ) are commented. If you want to update a repository you need to uncomment or remove the double slash signs.

automatic updates on Ubuntu 20.04

For example, to blacklist some packages from being upgraded, remove the double slash signs in the line with the parameter Unattended-Upgrade::Package-Blacklist {

Then specify the package names. In the example below, we have prevented the Mariadb and Nginx packages from being upgraded.

When you scroll down, you can see a host of other options that you might decide to enable or leave them as they are.

Step 3: Enable email notifications

Sometimes, you may want to receive email notifications. To achieve this, scroll and locate the line below and remove the preceding double slashes.

//Unattended-Upgrade::Mail " ";

Be sure to specify the recipient email address.

Unattended-Upgrade::Mail "me@example.com ";

In addition, you can choose to receive email updates in case an update goes wrong, such as when security updates fail. To do so, locate this line:

//Unattended-Upgrade::MailReport  "on-change";

uncomment it and change the attribute "on-change" to "only-on-error"

Only send an email if an update fails
Only send an email if an update fails

When security updates are installed, it's always good practice to restart the server in order to update the kernel. You can enable an automatic reboot by locating the line below.

//Unattended-Upgrade::Automatic-Reboot "false";

Change the "false" value to "true"

automatic reboot upon applying security updates
Enable automatic reboot upon applying security updates

If there are users logged in and you would desire to proceed with the reboot, locate the line"

// Unattended-Upgrade::Automatic-Reboot-WithUsers "true";

Uncomment it so that it resembles what we have below:

Enable automatic reboot while users are still logged in

You can also determine the time the update will occur by uncommenting the line below. By default, this is set to 4:00 am.

// Unattended-Upgrade::Automatic-Reboot-Time "04:00";

In our case, we have set it to 3:00am

Set automatic reboot time
Set automatic reboot time

There are many other rules you can set to suit your needs. Simply scroll and uncomment the directives as we have just elaborated.

Once you are done, save the changes and exit the configuration file. That's about it in this section.

Step 4: Enable automatic updates on Ubuntu 20.04

Finally, to enable automatic upgrades , edit the 20auto-upgrades file as shown.

$ sudo vim /etc/apt/apt.conf.d/20auto-upgrades

By default, the file has two lines as shown.

automatic updates on Ubuntu 20.04
automatic updates on Ubuntu 20.04

These lines allow you to determine how the upgrade will occur. The first line handles the update of the package lists while the second one initiates the automatic upgrades.

The value "1" enables the auto-update and the auto-upgrade respectively. If you want to disable it, set this value to "0".

No changes are required here, just save and exit the file.

Step 5: Set up a mail server

For you to receive notifications, you need to configure an email server. There are a couple of options that you can use including mailx and postfix.

For best results, install Postfix to configure SMTP relay to external SMTP servers. We have a detailed guide on how to setup Postfix mail server on Ubuntu.

Conclusion

If you have come this far, you have successfully managed to set automatic updates on Ubuntu 20.04. You can rest assured that your packages will always be to up to date with the latest versions. Also, your server will be up to speed with the latest security patches to address any underlying security loopholes.

4 Comments... add one

  1. re the last step 4: the folder /etc/apt/apt.conf.d/ does not contain the file 20auto-upgrades - It contains an archiving file 20archive and a 10periodic file

    Reply
    • Hey Leo, thanks for reaching out.

      May I ask if you are using Ubuntu 20.04? If you are, then you should see a bunch of files in the /etc/apt/apt.conf.d/ directory including the 20auto-upgrades file. I'd suggest you download a VirtualBox image file for Ubuntu 20.04 at https://www.osboxes.org/ubuntu/ and confirm.

      Reply
      • I can confirm what leo says. Checked on 3 VPSes with ubuntu 20.04 server. All of them clean installs. There is no /etc/apt/apt.conf.d/20auto-upgrades but you can either create it manually or by running:

        dpkg-reconfigure --priority=low unattended-upgrades

        Reply

Leave a Comment