How to Enable / Disable Unattended Upgrades in Ubuntu 16.04

Unattended upgradesTo protect your data in any ubuntu based system, it is imperative to update packages and apply security patches regularly. It is much better if the system itself applies the security updates. The unattended upgrades in Ubuntu 16 allow system administrator to automatically install updated packages and security patches whenever it becomes available. This article covers installation and configuration of unattended upgrades in Ubuntu 16.

Install unattended upgrades in ubuntu 16

To install unattended-upgrades, execute the following command in the terminal.

 # sudo apt install unattended-upgrades

Enable unattended upgrades in ubuntu 16

To pick which updates you want to make automatic by editing the file /etc/apt/apt.conf.d/50unattended-upgrades. This allows apt to search for new updates and upgrades. The default option is security.

# vi /etc/apt/apt.conf.d/50unattended-upgrades

Adjust the following lines that suit your needs.

Unattended-Upgrade::Allowed-Origins {
 "${distro_id}:${distro_codename}";
 "${distro_id}:${distro_codename}-security";
 ..........................
 ..........................
 ..........................
 "${distro_id}ESM:${distro_codename}";
 // "${distro_id}:${distro_codename}-updates";
 // "${distro_id}:${distro_codename}-proposed";
 // "${distro_id}:${distro_codename}-backports";
 };

The default configuration upgrades security packages from security APT source to automatically. You can also configure automatic updates from other APT sources such as updates, proposed and back-ports by uncommenting the above corresponding lines.

Block packages from automatic updating

You can blacklist few packages from being automatically updated by adding them in the blacklist section like below. Anything that comes under this list will not be updated automatically. In the following configuration, the packages vim, libc6, libc6-dev, libc6-i686 will not be automatically updated.

Unattended-Upgrade::Package-Blacklist {
 "vim";
 "libc6";
 "libc6-dev";
 "libc6-i686";
};

At last, edit the file /etc/apt/apt.conf.d/10periodic to configure when update, upgrade and auto-clean should run.

# vi /etc/apt/apt.conf.d/10periodic
APT::Periodic::Update-Package-Lists "1";
APT::Periodic::Download-Upgradeable-Packages "1";
APT::Periodic::AutocleanInterval "7";
APT::Periodic::Unattended-Upgrade "1";

The above configuration lets unattended upgrades update the package list, downloads and installs available upgrades every day and the local download archive is cleaned every week. If you want to disable automatic updates, just change the value 1 to 0. Check the log of unattended-upgrades inside the folder /var/log/unattended-upgrades. You can disable the automatic updates by making the value of the parameter APT::Periodic::Update-Package-Lists to "0".

Or you can get rid of the tool itself by below command

# apt-get remove update-manager

Now you can keep important services in any Ubuntu based system up to date and will be automatic. The automatic updates will be applied only to the services provided by the package repositories and will not be applied to the services compiled from source.

Dwijadas Dey 4:30 am

About Dwijadas Dey

Dwijadas Dey is working with GNU/Linux, Open source systems since 2005. Having avid follower of GNU/Linux, He believes in sharing and spreading the open source ideas to the targeted audience. Apart from freelancing he also writes for community. His current interest includes information and network security.

Author Archive Page

Have anything to say?

Your email address will not be published. Required fields are marked *

All comments are subject to moderation.

1 Comment

  1. Hello, good afternoon.
    I have a Ubuntu 16.04 server with a moodle platform but what I want is to disable the updates to avoid future chaos on the server, I made the modification of the 10periodic file but they are not disabled, I do not know what the problem is because it does not and I am still coming upgrades to my server, I hope you can count on the support of you maestro.As to solve this problem.Thanks