How to Manually Install Security Updates on Ubuntu 18.04

One of the most crucial tasks that a systems administrator needs to undertake is ensuring that systems are patched with the latest security updates. Ubuntu is considered as one of the most secure Linux distributions but it can be susceptible to vulnerabilities as well. An updated system is secure and stands a better chance against malware and attackers.

In this article, we'll focus on how one can manually install security updates in Ubuntu 18.04.

List Security Updates

To display security updates only ,

sudo unattended-upgrade --dry-run -d

Or

apt-get -s dist-upgrade| grep "^Inst" | grep -i security

If you wish to display all upgradeable packages run

apt-get -s dist-upgrade | grep "^Inst"

Sample Output

Inst libplymouth4 [0.9.2-3ubuntu13.4] (0.9.2-3ubuntu13.5 Ubuntu:16.04/xenial-upd         ates [amd64])
Inst plymouth [0.9.2-3ubuntu13.4] (0.9.2-3ubuntu13.5 Ubuntu:16.04/xenial-updates          [amd64]) [plymouth-theme-ubuntu-text:amd64 ]
Inst plymouth-theme-ubuntu-text [0.9.2-3ubuntu13.4] (0.9.2-3ubuntu13.5 Ubuntu:16         .04/xenial-updates [amd64])

Finally, to install security updates only, run

apt-get -s dist-upgrade | grep "^Inst" | grep -i securi | awk -F " " {'print $2'} | xargs apt-get install

Manually Install Security Updates

To manually configure a system for security updates,

First, install unattended-upgrade package

apt-install unattended-upgrades

Sample Output

Reading package lists... Done
Building dependency tree
Reading state information... Done
unattended-upgrades is already the newest version (0.90ubuntu0.9).
0 upgraded, 0 newly installed, 0 to remove and 3 not upgraded.

After successful installation, you can proceed and call it manually as shown

sudo unattended-upgrade -d -v

Output

Initial blacklisted packages:
Initial whitelisted packages:
Starting unattended upgrades script
Allowed origins are: ['o=Ubuntu,a=xenial', 'o=Ubuntu,a=xenial-security', 'o=UbuntuESM,a=xenial']
adjusting candidate version: 'libplymouth4=0.9.2-3ubuntu13'
adjusting candidate version: 'plymouth=0.9.2-3ubuntu13'
adjusting candidate version: 'plymouth-theme-ubuntu-text=0.9.2-3ubuntu13'
pkgs that look like they should be upgraded:
Fetched 0 B in 0s (0 B/s)
fetch.run() result: 0
blacklist: []
whitelist: []
No packages found that can be upgraded unattended and no pending auto-removals

The -v flags prints out the process in verbose on a command line.

The -d handle debug messages in the system.

Setting up Automatic security updates

To configure your system to receive automatic security updates, follow the steps below

1. Install Unattended upgrade packages

To install unattended upgrades. First, log in as root and update the system

apt update

Next, install unattended-upgrades

apt install unattended-upgrades

2. Configure your Ubuntu system

After installation of Unattended updates, it's time now to configure your system.
Open the unattended upgrade configuration file as shown

vim/etc/apt/apt.conf.d/50unattended-upgrades

Comment out all line except the one with the security attribute as shown
manually install security updates in Ubuntu
If you wish to exclude packages from being upgraded unattended, you can do so in the file configuration file under the Unattended-Upgrade::Package-Blacklist section.

Append each package on each line as shown

manually install security updates in Ubuntu

In the example above, vim text editor and MariaDB-server packages have been excluded. Save and Exit he configuration file.

3. Enable auto updating

Finally, you need to open the unattended-upgrades attributes

vim /etc/apt/apt.conf.d/20auto-upgrades

Save and Exit.

Reboot your system for the changes to take effect.

In this brief article, we have taken you through how to automatically and manually install security updates in Ubuntu 18.04. You are welcome to try out the above commands. Keep it locked for more insightful articles!

Jamie Arthur 12:05 am

About Jamie Arthur

Hey, I'm James, a passionate Linux Systems administrator, and a tech enthusiast. I derive immense gratification in conducting research on Linux systems and keeping myself up to date with the latest in the technology world.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.