How to enable auto updates in Ubuntu 20.04

It is important to keep your Linux server up to date with security updates. Linux distributions like Ubuntu and Debian release updates on a daily basis, so keeping the system up-to-date can become a tedious task. Fortunately, there is an option to install security updates automatically. Here are the steps to enable automatic security updates in Ubuntu 20.04 and later versions.

Auto Updates in Ubuntu 20.04

To enable automatic updates, also known as unattended upgrades, follow the steps below. First, open a console or connect to your Ubuntu system by SSH.

Update Ubuntu package lists and install pending updates:

sudo apt-get update
sudo apt-get upgrade

Then install the unattended-upgrades package with apt.

sudo apt-get install unattended-upgrades

To enable the unattended-upgrades function, run:

sudo dpkg-reconfigure --priority=low unattended-upgrades

This will start the package configuration wizard:

Ubuntu unattended updates

Choose "Yes" here and press enter. This will create a new file /etc/apt/apt.conf.d/20auto-upgrades which activates the auto-update function.

Optional: You can adjust the update options in the file /etc/apt/apt.conf.d/50unattended-upgrades

nano /etc/apt/apt.conf.d/50unattended-upgrades

The default setup will be this:

Unattended-Upgrade::Allowed-Origins {
    "${distro_id}:${distro_codename}";
    "${distro_id}:${distro_codename}-security";
    // Extended Security Maintenance; doesn't necessarily exist for
    // every release and this system may not have it installed, but if
    // available, the policy for updates is such that unattended-upgrades
    // should also install from here by default.
    "${distro_id}ESMApps:${distro_codename}-apps-security";
    "${distro_id}ESM:${distro_codename}-infra-security";
    // "${distro_id}:${distro_codename}-updates";
    // "${distro_id}:${distro_codename}-proposed";
    // "${distro_id}:${distro_codename}-backports";
};

This means that only security updates will be installed automatically. This is the safest option as security updates should never break the existing server setup.

If you like to install normal updates automatically as well, then remove the // in front of the "${distro_id}:${distro_codename}-updates" line.

Unattended Upgrades Log

There is a log file where you can view all actions done by the unattended upgrade system. You can view the file e.g. with the tail command:

tail -n 100 /var/log/unattended-upgrades/unattended-upgrades.log

The command will show the last 100 lines of the log file. Example:

Unattended upgrade log

Leave a Comment

*