How to Enable Automatic Security Updates in Ubuntu
Security is one of the top priorities for any system administrator. In Ubuntu, enabling automatic security updates is a simple yet effective way to ensure that your system stays protected against known vulnerabilities — even when you're not actively managing it.
This article provides a step-by-step guide to enable automatic security updates on Ubuntu using the built-in unattended-upgrades package.
Why Enable Automatic Security Updates?
Manual patching of security vulnerabilities can be time-consuming, and in some cases, delays can expose systems to serious threats. Ubuntu offers a built-in way to automatically install critical security updates without requiring user intervention, which is especially useful for servers, unattended machines, or large-scale environments.
Step 1: Install unattended-upgrades
Ubuntu includes the unattended-upgrades package by default, but in case it's not present on your system, you can install it using the following command:
sudo apt update sudo apt install unattended-upgrades
Step 2: Enable the Service
To configure the system to automatically apply security updates, run the following command:
sudo dpkg-reconfigure --priority=low unattended-upgrades
You’ll be prompted to confirm whether you want to enable automatic updates. Select “Yes.”
Step 3: Verify Configuration
The core settings are managed in two configuration files:
/etc/apt/apt.conf.d/50unattended-upgrades
This file defines which updates will be applied. For example:
Unattended-Upgrade::Allowed-Origins { "${distro_id}:${distro_codename}-security"; };
You can add additional repositories (like updates or backports) if desired.
/etc/apt/apt.conf.d/20auto-upgrades
This file controls the automation frequency:
APT::Periodic::Update-Package-Lists "1"; APT::Periodic::Download-Upgradeable-Packages "1"; APT::Periodic::AutocleanInterval "7"; APT::Periodic::Unattended-Upgrade "1";
Each value corresponds to the number of days between each operation. Setting "1" runs it daily.
Optional: Enable Automatic Reboots
If a reboot is required after installing updates, you can configure Ubuntu to automatically restart at a set time:
Add this to the bottom of /etc/apt/apt.conf.d/50unattended-upgrades:
Unattended-Upgrade::Automatic-Reboot "true"; Unattended-Upgrade::Automatic-Reboot-Time "03:00";
This ensures your system reboots safely during off-peak hours.
How to Test the Configuration
To simulate an update and ensure the configuration is working, you can run:
sudo unattended-upgrade --dry-run --debug
This will show you what the tool would do without making any changes.
Final Thoughts
Automatic security updates are a foundational step in maintaining a secure Ubuntu environment. While it's not a substitute for full system patch management and monitoring, it greatly reduces your exposure to known threats especially in headless or production systems.
For more advanced use cases, such as applying all updates (not just security) or using custom notifications, unattended-upgrades can be extended further. But for most users, these simple steps provide a solid layer of defense.