How to enable automatic Linux updates?

by Adam Świątkowski
4 mins read
Linux Automatic Updates

Keeping automatic Linux updates turned on will ensure the highest security and quality of OS performance. In this tutorial, you will learn how to enable them.

Automatic Linux updates equals your safety!
Automatic updates equals your safety!

Installing required packages to turn on automatic Linux updates

Let’s start by installing everything we need.

sudo apt-get update
sudo apt-get install unattended-upgrades apt-listchanges apticron

After the packages are installed correctly, let’s proceed to creating the configuration file with the rules on how and when automatic updates should take place.

sudo nano /etc/apt/apt.conf.d/51myunattended-upgrades

When the text editor will open place there the following content:

// Enable the update/upgrade script (0=disable)
APT::Periodic::Enable "1";

// Do "apt-get update" automatically every n-days (0=disable)
APT::Periodic::Update-Package-Lists "1";

// Do "apt-get upgrade --download-only" every n-days (0=disable)
APT::Periodic::Download-Upgradeable-Packages "1";

// Do "apt-get autoclean" every n-days (0=disable)
APT::Periodic::AutocleanInterval "7";

// Send report mail to root
//     0:  no report             (or null string)
//     1:  progress report       (actually any string)
//     2:  + command outputs     (remove -qq, remove 2>/dev/null, add -d)
//     3:  + trace on    APT::Periodic::Verbose "2";
APT::Periodic::Unattended-Upgrade "1";

// Automatically upgrade packages from these
Unattended-Upgrade::Origins-Pattern {

// You can specify your own packages to NOT automatically upgrade here
Unattended-Upgrade::Package-Blacklist {

// Run dpkg --force-confold --configure -a if a unclean dpkg state is detected to true to ensure that updates get installed even when the system got interrupted during a previous run
Unattended-Upgrade::AutoFixInterruptedDpkg "true";

//Perform the upgrade when the machine is running because we wont be shutting our server down often
Unattended-Upgrade::InstallOnShutdown "false";

// Send an email to this address with information about the packages upgraded.
Unattended-Upgrade::Mail "root";

// Always send an e-mail
Unattended-Upgrade::MailOnlyOnError "false";

// Remove all unused dependencies after the upgrade has finished
Unattended-Upgrade::Remove-Unused-Dependencies "true";

// Remove any new unused dependencies after the upgrade has finished
Unattended-Upgrade::Remove-New-Unused-Dependencies "true";

// Automatically reboot WITHOUT CONFIRMATION if the file /var/run/reboot-required is found after the upgrade.
Unattended-Upgrade::Automatic-Reboot "true";

// Automatically reboot even if users are logged in.
Unattended-Upgrade::Automatic-Reboot-WithUsers "true";

Save the file and run dry-run command to check if everything works correct.

sudo unattended-upgrade -d --dry-run

You should see the following message.

Automatic Linux updates dry-run check
Automatic updates dry-run check

You can configure interactively things like the administrator’s email address where messages with update status will be sent. To do this, issue the following command:

sudo dpkg-reconfigure apt-listchanges

And that’s all!

What to do next?

If you are interested in any other tips on Linux and derivatives, be sure to check out my post on how to set the Custom MOTD in Linux Debian here.

The following tutorial was based on this source. Thank you! 🙂

Related Articles

This website uses cookies to improve your experience. I'll assume you're ok with this, but you can opt-out if you wish. Read Privacy Policy. Accept