The Linux server security is indeed an essential task for sysadmins. One of the most fundamental ways to keep the server secure is by installing security updates on time to patch vulnerabilities. You need to install the unattended-upgrades package. It will automatically install software updated, including security updates. This page shows how to install security updates automatically when released by the Ubuntu security team.
Automatic updates for Ubuntu Linux
- Update the server, run:
sudo apt update && sudo apt upgrade
- Install unattended upgrades on Ubuntu. Type the following apt command
sudo apt install unattended-upgrades apt-listchanges bsd-mailx
- Turn on unattended security updates, run:
sudo dpkg-reconfigure -plow unattended-upgrades
- Configure automatic updates, enter:
sudo vi /etc/apt/apt.conf.d/50unattended-upgrades
Set up alert email ID:
Automatically reboot Ubuntu box WITHOUT CONFIRMATION for kernel updates:
Finally edit the /etc/apt/listchanges.conf and set email ID:
Save and close the file.
- Verify that it is working by running the following command:
sudo unattended-upgrades --dry-run
Ubuntu automatic updates sample email alert
Configuring Unattended-Upgrade::Mail in 50unattended-upgrades file enables unattended-upgrades to email a sysadmin detailing any packages that need upgrading or have problems. The Ubuntu server sent an update report via email as follows:
See automatic updates logs
Now that you set up automatic updates on Ubuntu Server 18.04 LTS. It is time to see logs. Hence, use the grep command or cat command or more command/egrep command:
sudo cat /var/log/unattended-upgrades/unattended-upgrades.log
sudo tail -f /var/log/unattended-upgrades/unattended-upgrades.log
sudo grep 'linux-image' /var/log/unattended-upgrades/unattended-upgrades.log
And you are done. I hope this helps you to keep the server or virtual machine running in cloud current with the latest security updates automatically.
You learned how to configure automatic unattended updates for your Ubuntu Linux based server up-to-date. It is a simple and easiest way to protect your server from vulnerabilities. This method is also beneficial when you administrate multiple servers. Manually updating the system and applying patches can be a very time-consuming process. However, for a large number of servers/VMs, I would recommend something like Ansible.